<!DOCTYPE html>
<html lang="en-US" prefix="og: https://ogp.me/ns#" >
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width">
<!-- WP_HEAD() START -->
<meta name="viewport" content="width=device-width, initial-scale=1" />

<!-- Search Engine Optimization by Rank Math - https://s.rankmath.com/home -->
<title>Opening “STEELCORGI”: A Sophisticated APT Swiss Army Knife - Yoroi</title>
<meta name="robots" content="follow, index, max-snippet:-1, max-video-preview:-1, max-image-preview:large"/>
<link rel="canonical" href="https://yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/" />
<meta property="og:locale" content="en_US" />
<meta property="og:type" content="article" />
<meta property="og:title" content="Opening “STEELCORGI”: A Sophisticated APT Swiss Army Knife - Yoroi" />
<meta property="og:description" content="Introduction 2020 was a really intense year in terms of APT activities, in fact it brought us new evidence of sophisticated campaigns targeting Enterprises organization across Europe and also Italy. In particular the threat group we track as TH-239, also mentioned as UNC1945 by FireEye security researchers, has been one of the sneakiest.&nbsp; We discussed [&hellip;]" />
<meta property="og:url" content="https://yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/" />
<meta property="og:site_name" content="Yoroi" />
<meta property="article:publisher" content="https://www.facebook.com/weareyoroi" />
<meta property="article:tag" content="apt" />
<meta property="article:tag" content="enterprise" />
<meta property="article:tag" content="europe" />
<meta property="article:tag" content="finance" />
<meta property="article:tag" content="malware" />
<meta property="article:tag" content="threat" />
<meta property="article:section" content="research" />
<meta property="og:updated_time" content="2021-01-12T15:17:11+02:00" />
<meta property="og:image" content="https://i0.wp.com/yoroi.company/wp-content/uploads/2021/01/steelcorgi2.jpg" />
<meta property="og:image:secure_url" content="https://i0.wp.com/yoroi.company/wp-content/uploads/2021/01/steelcorgi2.jpg" />
<meta property="og:image:width" content="1280" />
<meta property="og:image:height" content="853" />
<meta property="og:image:alt" content="Opening “STEELCORGI”: A Sophisticated APT Swiss Army Knife" />
<meta property="og:image:type" content="image/jpeg" />
<meta name="twitter:card" content="summary_large_image" />
<meta name="twitter:title" content="Opening “STEELCORGI”: A Sophisticated APT Swiss Army Knife - Yoroi" />
<meta name="twitter:description" content="Introduction 2020 was a really intense year in terms of APT activities, in fact it brought us new evidence of sophisticated campaigns targeting Enterprises organization across Europe and also Italy. In particular the threat group we track as TH-239, also mentioned as UNC1945 by FireEye security researchers, has been one of the sneakiest.&nbsp; We discussed [&hellip;]" />
<meta name="twitter:image" content="https://i0.wp.com/yoroi.company/wp-content/uploads/2021/01/steelcorgi2.jpg" />
<meta name="twitter:label1" content="Written by" />
<meta name="twitter:data1" content="malwarezlab" />
<meta name="twitter:label2" content="Time to read" />
<meta name="twitter:data2" content="12 minutes" />
<script type="application/ld+json" class="rank-math-schema">{"@context":"https://schema.org","@graph":[{"@type":"Organization","@id":"https://yoroi.company/#organization","name":"Yoroi","url":"https://yoroi.company","logo":{"@type":"ImageObject","@id":"https://yoroi.company/#logo","url":"https://yoroi.company/wp-content/uploads/2021/07/Mezzo-busto-1.png","caption":"Yoroi","inLanguage":"en-US","width":"240","height":"240"}},{"@type":"WebSite","@id":"https://yoroi.company/#website","url":"https://yoroi.company","name":"Yoroi","publisher":{"@id":"https://yoroi.company/#organization"},"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https://i0.wp.com/yoroi.company/wp-content/uploads/2021/01/steelcorgi2.jpg?fit=1280%2C853&amp;ssl=1","url":"https://i0.wp.com/yoroi.company/wp-content/uploads/2021/01/steelcorgi2.jpg?fit=1280%2C853&amp;ssl=1","width":"1280","height":"853","inLanguage":"en-US"},{"@type":"Person","@id":"https://yoroi.company/author/malwarezlab/","name":"malwarezlab","url":"https://yoroi.company/author/malwarezlab/","image":{"@type":"ImageObject","@id":"https://secure.gravatar.com/avatar/de2eca8af7bbfde2ee4a84d59a3aa23f?s=96&amp;d=mm&amp;r=g","url":"https://secure.gravatar.com/avatar/de2eca8af7bbfde2ee4a84d59a3aa23f?s=96&amp;d=mm&amp;r=g","caption":"malwarezlab","inLanguage":"en-US"},"worksFor":{"@id":"https://yoroi.company/#organization"}},{"@type":"WebPage","@id":"https://yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/#webpage","url":"https://yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/","name":"Opening \u201cSTEELCORGI\u201d: A Sophisticated APT Swiss Army Knife - Yoroi","datePublished":"2021-01-12T15:17:10+02:00","dateModified":"2021-01-12T15:17:11+02:00","author":{"@id":"https://yoroi.company/author/malwarezlab/"},"isPartOf":{"@id":"https://yoroi.company/#website"},"primaryImageOfPage":{"@id":"https://i0.wp.com/yoroi.company/wp-content/uploads/2021/01/steelcorgi2.jpg?fit=1280%2C853&amp;ssl=1"},"inLanguage":"en-US"},{"@type":"BlogPosting","headline":"Opening \u201cSTEELCORGI\u201d: A Sophisticated APT Swiss Army Knife - Yoroi","datePublished":"2021-01-12T15:17:10+02:00","dateModified":"2021-01-12T15:17:11+02:00","author":{"@id":"https://yoroi.company/author/malwarezlab/"},"publisher":{"@id":"https://yoroi.company/#organization"},"description":"2020 was a really intense year in terms of APT activities, in fact it brought us new evidence of sophisticated campaigns targeting Enterprises organization across Europe and also Italy. In particular the threat group we track as TH-239, also mentioned as UNC1945 by FireEye security researchers, has been one of the sneakiest.&nbsp;","name":"Opening \u201cSTEELCORGI\u201d: A Sophisticated APT Swiss Army Knife - Yoroi","@id":"https://yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/#richSnippet","isPartOf":{"@id":"https://yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/#webpage"},"image":{"@id":"https://i0.wp.com/yoroi.company/wp-content/uploads/2021/01/steelcorgi2.jpg?fit=1280%2C853&amp;ssl=1"},"inLanguage":"en-US","mainEntityOfPage":{"@id":"https://yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/#webpage"}}]}</script>
<!-- /Rank Math WordPress SEO plugin -->

<title>Opening “STEELCORGI”: A Sophisticated APT Swiss Army Knife - Yoroi</title>
<link rel='dns-prefetch' href='//www.google.com' />
<link rel='dns-prefetch' href='//s.w.org' />
<link rel='dns-prefetch' href='//c0.wp.com' />
<link rel='dns-prefetch' href='//i0.wp.com' />
<link rel="alternate" type="application/rss+xml" title="Yoroi &raquo; Opening “STEELCORGI”: A Sophisticated APT Swiss Army Knife Comments Feed" href="https://yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/feed/" />
<link rel='stylesheet' id='dashicons-css'  href='https://c0.wp.com/c/5.8.2/wp-includes/css/dashicons.min.css' type='text/css' media='all' />
<link rel='stylesheet' id='elusive-css'  href='https://yoroi.company/wp-content/plugins/slick-menu/includes/modules/slick-menu-icons/includes/library/slick-menu-icon-picker/css/types/elusive.min.css?ver=2.0' type='text/css' media='all' />
<link rel='stylesheet' id='font-awesome-css'  href='https://yoroi.company/wp-content/plugins/slick-menu/includes/modules/slick-menu-icons/includes/library/slick-menu-icon-picker/css/types/font-awesome.min.css?ver=4.6.3' type='text/css' media='all' />
<link rel='stylesheet' id='foundation-icons-css'  href='https://yoroi.company/wp-content/plugins/slick-menu/includes/modules/slick-menu-icons/includes/library/slick-menu-icon-picker/css/types/foundation-icons.min.css?ver=3.0' type='text/css' media='all' />
<link rel='stylesheet' id='genericons-css'  href='https://yoroi.company/wp-content/plugins/slick-menu/includes/modules/slick-menu-icons/includes/library/slick-menu-icon-picker/css/types/genericons.min.css?ver=3.4' type='text/css' media='all' />
<link rel='stylesheet' id='slick-menu-icons-extra-css'  href='https://yoroi.company/wp-content/plugins/slick-menu/includes/modules/slick-menu-icons/css/extra.min.css?ver=0.10.1' type='text/css' media='all' />
<link rel='stylesheet' id='wp-block-library-css'  href='https://c0.wp.com/c/5.8.2/wp-includes/css/dist/block-library/style.min.css' type='text/css' media='all' />
<style id='wp-block-library-inline-css' type='text/css'>
.has-text-align-justify{text-align:justify;}
</style>
<link rel='stylesheet' id='mediaelement-css'  href='https://c0.wp.com/c/5.8.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css' type='text/css' media='all' />
<link rel='stylesheet' id='wp-mediaelement-css'  href='https://c0.wp.com/c/5.8.2/wp-includes/js/mediaelement/wp-mediaelement.min.css' type='text/css' media='all' />
<link rel='stylesheet' id='contact-form-7-css'  href='https://yoroi.company/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.2' type='text/css' media='all' />
<link rel='stylesheet' id='cookie-law-info-css'  href='https://yoroi.company/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.0.6' type='text/css' media='all' />
<link rel='stylesheet' id='cookie-law-info-gdpr-css'  href='https://yoroi.company/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.0.6' type='text/css' media='all' />
<link rel='stylesheet' id='mailup-css'  href='https://yoroi.company/wp-content/plugins/mailup-email-and-newsletter-subscription-form/public/css/mailup-public.css?ver=1.2.0' type='text/css' media='all' />
<link rel='stylesheet' id='oxygen-aos-css'  href='https://yoroi.company/wp-content/plugins/oxygen/component-framework/vendor/aos/aos.css?ver=5.8.2' type='text/css' media='all' />
<link rel='stylesheet' id='oxygen-css'  href='https://yoroi.company/wp-content/plugins/oxygen/component-framework/oxygen.css?ver=3.7.1' type='text/css' media='all' />
<link rel='stylesheet' id='contact-form-7-email-spam-blocker-css'  href='https://yoroi.company/wp-content/plugins/wp-contact-form7-email-spam-blocker/public/css/contact-form-7-email-spam-blocker-public.css?ver=1.0.0' type='text/css' media='all' />
<link rel='stylesheet' id='slick-menu-animate-css'  href='https://yoroi.company/wp-content/plugins/slick-menu/assets/vendors/animate/animate.css?ver=1.2.7' type='text/css' media='all' />
<link rel='stylesheet' id='slick-menu-slickmenu-css'  href='https://yoroi.company/wp-content/plugins/slick-menu/assets/css/slickmenu.min.css?ver=1.2.7' type='text/css' media='all' />
<link rel='stylesheet' id='twentytwenty-jetpack-css'  href='https://yoroi.company/wp-content/plugins/jetpack/modules/theme-tools/compat/twentytwenty.css?ver=10.5-a.3' type='text/css' media='all' />
<link rel='stylesheet' id='slick-menu-dynamic-css'  href='https://yoroi.company/?sm_ajax=dynamic_styles&#038;t=1640290164&#038;ver=1.2.7' type='text/css' media='all' />
<link rel='stylesheet' id='jetpack_css-css'  href='https://yoroi.company/wp-content/plugins/jetpack/css/jetpack.css?ver=10.5-a.3' type='text/css' media='all' />
<script type='text/javascript' src='https://c0.wp.com/c/5.8.2/wp-includes/js/jquery/jquery.min.js' id='jquery-core-js'></script>
<script type='text/javascript' id='cookie-law-info-js-extra'>
/* <![CDATA[ */
var Cli_Data = {"nn_cookie_ids":["cookielawinfo-checkbox-advertisement","_GRECAPTCHA","YSC","VISITOR_INFO1_LIVE","yt-remote-device-id","yt-remote-connected-devices","yt.innertube::requests","yt.innertube::nextId","_ga","_gid","_gat_gtag_UA_209986505_1","CONSENT"],"cookielist":[],"non_necessary_cookies":{"analytics":["_ga","_gid","_gat_gtag_UA_209986505_1","CONSENT"],"advertisement":["YSC","VISITOR_INFO1_LIVE","yt-remote-device-id","yt-remote-connected-devices","yt.innertube::requests","yt.innertube::nextId"]},"ccpaEnabled":"","ccpaRegionBased":"","ccpaBarEnabled":"","strictlyEnabled":["necessary","obligatoire"],"ccpaType":"gdpr","js_blocking":"1","custom_integration":"","triggerDomRefresh":"","secure_cookies":""};
var cli_cookiebar_settings = {"animate_speed_hide":"500","animate_speed_show":"500","background":"#FFF","border":"#b1a6a6c2","border_on":"","button_1_button_colour":"#61a229","button_1_button_hover":"#4e8221","button_1_link_colour":"#fff","button_1_as_button":"1","button_1_new_win":"","button_2_button_colour":"#333","button_2_button_hover":"#292929","button_2_link_colour":"#444","button_2_as_button":"","button_2_hidebar":"","button_3_button_colour":"#dedfe0","button_3_button_hover":"#b2b2b3","button_3_link_colour":"#333333","button_3_as_button":"1","button_3_new_win":"","button_4_button_colour":"#dedfe0","button_4_button_hover":"#b2b2b3","button_4_link_colour":"#333333","button_4_as_button":"1","button_7_button_colour":"#61a229","button_7_button_hover":"#4e8221","button_7_link_colour":"#fff","button_7_as_button":"1","button_7_new_win":"","font_family":"inherit","header_fix":"","notify_animate_hide":"1","notify_animate_show":"","notify_div_id":"#cookie-law-info-bar","notify_position_horizontal":"right","notify_position_vertical":"bottom","scroll_close":"","scroll_close_reload":"","accept_close_reload":"","reject_close_reload":"","showagain_tab":"","showagain_background":"#fff","showagain_border":"#000","showagain_div_id":"#cookie-law-info-again","showagain_x_position":"100px","text":"#333333","show_once_yn":"","show_once":"10000","logging_on":"","as_popup":"","popup_overlay":"1","bar_heading_text":"","cookie_bar_as":"banner","popup_showagain_position":"bottom-right","widget_position":"left"};
var log_object = {"ajax_url":"https:\/\/yoroi.company\/wp-admin\/admin-ajax.php"};
/* ]]> */
</script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.0.6' id='cookie-law-info-js'></script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/mailup-email-and-newsletter-subscription-form/admin/js/jquery.validate.min.js?ver=1.19.3' id='mailup_validate-js'></script>
<script type='text/javascript' id='mailup-js-extra'>
/* <![CDATA[ */
var mailup_params = {"ajax_url":"https:\/\/yoroi.company\/wp-admin\/admin-ajax.php","ajaxNonce":"b3421b6d5a"};
/* ]]> */
</script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/mailup-email-and-newsletter-subscription-form/public/js/mailup-public.js?ver=1.2.0' id='mailup-js'></script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/oxygen/component-framework/vendor/aos/aos.js?ver=1' id='oxygen-aos-js'></script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/wp-contact-form7-email-spam-blocker/public/js/contact-form-7-email-spam-blocker-public.js?ver=1.0.0' id='contact-form-7-email-spam-blocker-js'></script>
<link rel="https://api.w.org/" href="https://yoroi.company/wp-json/" /><link rel="alternate" type="application/json" href="https://yoroi.company/wp-json/wp/v2/posts/4878" /><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://yoroi.company/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://yoroi.company/wp-includes/wlwmanifest.xml" /> 

<link rel='shortlink' href='https://yoroi.company/?p=4878' />
<link rel="alternate" type="application/json+oembed" href="https://yoroi.company/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fyoroi.company%2Fresearch%2Fopening-steelcorgi-a-sophisticated-apt-swiss-army-knife%2F" />
<link rel="alternate" type="text/xml+oembed" href="https://yoroi.company/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fyoroi.company%2Fresearch%2Fopening-steelcorgi-a-sophisticated-apt-swiss-army-knife%2F&#038;format=xml" />
<!-- Global site tag (gtag.js) - Google Analytics -->
<script type="text/plain" data-cli-class="cli-blocker-script"  data-cli-script-type="analytics" data-cli-block="true"  data-cli-element-position="head" async src="https://www.googletagmanager.com/gtag/js?id=UA-209986505-1"></script>
<script type="text/plain" data-cli-class="cli-blocker-script"  data-cli-script-type="analytics" data-cli-block="true"  data-cli-element-position="head">
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'UA-209986505-1');
  gtag('config', 'GA_TRACKING_ID', { 'anonymize_ip': true });
</script><meta name="theme-color" content="#a52929"><style type='text/css'>img#wpstats{display:none}</style>
				<style type="text/css">
			.recentcomments a {
				display: inline !important;
				padding: 0 !important;
				margin: 0 !important;
			}

			table.recentcommentsavatartop img.avatar, table.recentcommentsavatarend img.avatar {
				border: 0px;
				margin: 0;
			}

			table.recentcommentsavatartop a, table.recentcommentsavatarend a {
				border: 0px !important;
				background-color: transparent !important;
			}

			td.recentcommentsavatarend, td.recentcommentsavatartop {
				padding: 0px 0px 1px 0px;
				margin: 0px;
			}

			td.recentcommentstextend {
				border: none !important;
				padding: 0px 0px 2px 10px;
			}

			.rtl td.recentcommentstextend {
				padding: 0px 10px 2px 0px;
			}

			td.recentcommentstexttop {
				border: none;
				padding: 0px 0px 0px 10px;
			}

			.rtl td.recentcommentstexttop {
				padding: 0px 10px 0px 0px;
			}
		</style>
		<link rel="amphtml" href="https://yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/amp/">			<style type="text/css">
				/* If html does not have either class, do not show lazy loaded images. */
				html:not( .jetpack-lazy-images-js-enabled ):not( .js ) .jetpack-lazy-image {
					display: none;
				}
			</style>
			<script>
				document.documentElement.classList.add(
					'jetpack-lazy-images-js-enabled'
				);
			</script>
		<link rel="icon" href="https://i0.wp.com/yoroi.company/wp-content/uploads/2021/07/cropped-Mezzo-busto-1.png?fit=32%2C32&#038;ssl=1" sizes="32x32" />
<link rel="icon" href="https://i0.wp.com/yoroi.company/wp-content/uploads/2021/07/cropped-Mezzo-busto-1.png?fit=192%2C192&#038;ssl=1" sizes="192x192" />
<link rel="apple-touch-icon" href="https://i0.wp.com/yoroi.company/wp-content/uploads/2021/07/cropped-Mezzo-busto-1.png?fit=180%2C180&#038;ssl=1" />
<meta name="msapplication-TileImage" content="https://i0.wp.com/yoroi.company/wp-content/uploads/2021/07/cropped-Mezzo-busto-1.png?fit=270%2C270&#038;ssl=1" />
<link href="https://fonts.googleapis.com/css?family=Work+Sans:100,200,300,400,500,600,700,800,900|Work+Sans:100,200,300,400,500,600,700,800,900" rel="stylesheet"><link rel='stylesheet' id='oxygen-styles-css'  href='//yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/?xlink=css&#038;ver=5.8.2' type='text/css' media='all' />
<!-- END OF WP_HEAD() -->
</head>
<body class="post-template-default single single-post postid-4878 single-format-standard  wp-embed-responsive oxygen-body" >



						<header id="_header-104-8" class="oxy-header-wrapper oxy-overlay-header oxy-header" ><div id="_header_row-105-8" class="oxy-header-row header" ><div class="oxy-header-container"><div id="_header_left-106-8" class="oxy-header-left" ></div><div id="_header_center-107-8" class="oxy-header-center" ><nav id="_nav_menu-110-8" class="oxy-nav-menu oxy-nav-menu-dropdowns oxy-nav-menu-dropdown-arrow" ><div class='oxy-menu-toggle'><div class='oxy-nav-menu-hamburger-wrap'><div class='oxy-nav-menu-hamburger'><div class='oxy-nav-menu-hamburger-line'></div><div class='oxy-nav-menu-hamburger-line'></div><div class='oxy-nav-menu-hamburger-line'></div></div></div></div><div class="menu-menu-eng-container"><ul id="menu-menu-eng" class="oxy-nav-menu-list"><li id="menu-item-62" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-62"><a href="https://yoroi.company/defence-center/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Defence center</span>
					
				</span>
				
			</span>
			</a></li>
<li id="menu-item-354" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-354"><a href="#">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Solutions</span>
					
				</span>
				
			</span>
			</a>
<ul class="sub-menu">
	<li id="menu-item-355" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-355"><a href="#">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Before Attack</span>
					
				</span>
				
			</span>
			</a>
	<ul class="sub-menu">
		<li id="menu-item-358" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-358"><a href="https://yoroi.company/category/technologies/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Technologies</span>
					
				</span>
				
			</span>
			</a>
		<ul class="sub-menu">
			<li id="menu-item-364" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-364"><a href="https://yoroi.company/threat-intelligence/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat intelligence</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-365" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-365"><a href="https://yoroi.company/service/dns-defence/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">DNS Defence</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-366" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-366"><a href="https://yoroi.company/service/kanwa/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Kanwa</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-367" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-367"><a href="https://yoroi.company/service/genku/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Genku</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-368" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-368"><a href="https://yoroi.company/service/digital-surveillance/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Digital Surveillance</span>
					
				</span>
				
			</span>
			</a></li>
		</ul>
</li>
		<li id="menu-item-359" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-359"><a href="https://yoroi.company/category/services/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Services</span>
					
				</span>
				
			</span>
			</a>
		<ul class="sub-menu">
			<li id="menu-item-369" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-369"><a href="https://yoroi.company/service/security-compliance/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Infrastructure &#038; Systems compliance</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-370" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-370"><a href="https://yoroi.company/service/scam-protection/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Scam Protection</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-371" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-371"><a href="https://yoroi.company/service/scada-security/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">SCADA Security</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-372" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-372"><a href="https://yoroi.company/service/early-warning/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Early Warning</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-373" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-373"><a href="https://yoroi.company/service/wi-fi-infrastructure-assessment/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Wi-Fi Infrastructure Assessment</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-380" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-380"><a href="https://yoroi.company/service/vulnerability-assessment/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Vulnerability Assessment</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-374" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-374"><a href="https://yoroi.company/service/targeted-attack-simulation/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Adversarial Simulation</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-379" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-379"><a href="https://yoroi.company/service/cert-computer-emergency-response-team/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat Hunting</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-378" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-378"><a href="https://yoroi.company/service/siem-management/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">SIEM management</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-377" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-377"><a href="https://yoroi.company/service/security-infrastructure-assessment-sia/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Security Infrastructure Assessment (SIA)</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-376" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-376"><a href="https://yoroi.company/service/penetration-testing/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Penetration Testing</span>
					
				</span>
				
			</span>
			</a></li>
		</ul>
</li>
	</ul>
</li>
	<li id="menu-item-356" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-356"><a href="#">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">During Attack</span>
					
				</span>
				
			</span>
			</a>
	<ul class="sub-menu">
		<li id="menu-item-360" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-360"><a href="https://yoroi.company/category/technologies/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Technologies</span>
					
				</span>
				
			</span>
			</a>
		<ul class="sub-menu">
			<li id="menu-item-381" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-381"><a href="https://yoroi.company/threat-intelligence/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat intelligence</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-383" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-383"><a href="https://yoroi.company/service/kanwa/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Kanwa</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-384" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-384"><a href="https://yoroi.company/service/yomi/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Yomi</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-382" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-382"><a href="https://yoroi.company/service/email-protection/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Email Protection</span>
					
				</span>
				
			</span>
			</a></li>
		</ul>
</li>
		<li id="menu-item-361" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-361"><a href="https://yoroi.company/category/services/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Services</span>
					
				</span>
				
			</span>
			</a>
		<ul class="sub-menu">
			<li id="menu-item-386" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-386"><a href="https://yoroi.company/service/irt/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">IRT (Incident Response Team)</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-385" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-385"><a href="https://yoroi.company/category/threat/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Managed Advanced Threat Protection</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-375" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-375"><a href="https://yoroi.company/service/kickback-attack/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">KickBack Attack</span>
					
				</span>
				
			</span>
			</a></li>
		</ul>
</li>
	</ul>
</li>
	<li id="menu-item-357" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-357"><a href="#">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">After Attack</span>
					
				</span>
				
			</span>
			</a>
	<ul class="sub-menu">
		<li id="menu-item-363" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-363"><a href="https://yoroi.company/category/technologies/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Technologies</span>
					
				</span>
				
			</span>
			</a>
		<ul class="sub-menu">
			<li id="menu-item-388" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-388"><a href="https://yoroi.company/threat-intelligence/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat intelligence</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-389" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-389"><a href="https://yoroi.company/service/kanwa/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Kanwa</span>
					
				</span>
				
			</span>
			</a></li>
		</ul>
</li>
		<li id="menu-item-362" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-362"><a href="https://yoroi.company/category/services/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Services</span>
					
				</span>
				
			</span>
			</a>
		<ul class="sub-menu">
			<li id="menu-item-387" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-387"><a href="https://yoroi.company/service/wi-fi-infrastructure-assessment/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Wi-Fi Infrastructure Assessment</span>
					
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-390" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-390"><a href="https://yoroi.company/service/cert-computer-emergency-response-team/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat Hunting</span>
					
				</span>
				
			</span>
			</a></li>
		</ul>
</li>
	</ul>
</li>
</ul>
</li>
<li id="menu-item-5336" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-5336"><a href="#">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Blogs</span>
					
				</span>
				
			</span>
			</a>
<ul class="sub-menu">
	<li id="menu-item-199" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-199"><a href="https://yoroi.company/blog/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Yoroi Blog</span>
					
				</span>
				
			</span>
			</a></li>
	<li id="menu-item-5337" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-5337"><a href="https://marcoramilli.com/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Marco Ramilli Blog</span>
					
				</span>
				
			</span>
			</a></li>
</ul>
</li>
<li id="menu-item-60" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-home menu-item-60"><a href="https://yoroi.company/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Home</span>
					
				</span>
				
			</span>
			</a></li>
<li id="menu-item-311" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-311"><a href="https://yoroi.company/downloads/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Downloads</span>
					
				</span>
				
			</span>
			</a></li>
<li id="menu-item-61" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-61"><a href="https://yoroi.company/about-us/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">About us</span>
					
				</span>
				
			</span>
			</a></li>
<li id="menu-item-200" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-200"><a href="https://yoroi.company/contacts/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Contacts</span>
					
				</span>
				
			</span>
			</a></li>
</ul></div></nav></div><div id="_header_right-108-8" class="oxy-header-right" ></div></div></div><div id="_header_row-111-8" class="oxy-header-row header" ><div class="oxy-header-container"><div id="_header_left-112-8" class="oxy-header-left" ><a id="link-120-8" class="ct-link" href="https://yoroi.company/" target="_self"  ><img id="image-115-8" alt="Logo" src="https://yoroi.company/wp-content/uploads/2020/01/logo-head.svg" class="ct-image"/></a></div><div id="_header_center-113-8" class="oxy-header-center" ></div><div id="_header_right-114-8" class="oxy-header-right" ><div id="div_block-184-8" class="ct-div-block" ><img id="image-118-8" alt="Hamburger Menu Icon" src="https://yoroi.company/wp-content/uploads/2020/01/hamburger.svg" class="ct-image sm-trigger-26"/></div></div></div></div></header>
		<main id="swup" class="ct-div-block " ><div id="div_block-1-4186" class="ct-div-block bg-dark" ><img id="image-2-4186" alt="Yoroi Background" src="https://yoroi.company/wp-content/uploads/2020/01/Risorsa-36-8.png" class="ct-image bg-heading"/><section id="section-3-4186" class=" ct-section section intro" ><div class="ct-section-inner-wrap"><h1 id="headline-4-4186" class="ct-headline intro__heading"><span id="span-5-4186" class="ct-span" >Opening “STEELCORGI”: A Sophisticated APT Swiss Army Knife</span></h1><div id="code_block-28-4186" class="ct-code-block" ><h6 class="blog-post-date">
	01/12/2021</h6></div><div id="text_block-14-4186" class="ct-text-block blog-post" ><span id="span-15-4186" class="ct-span oxy-stock-content-styles blog-post" >
<h1>Introduction</h1>



<p>2020 was a really intense year in terms of APT activities, in fact it brought us new evidence of sophisticated campaigns targeting Enterprises organization across Europe and also Italy. In particular the threat group we track as TH-239, also mentioned as UNC1945 by FireEye security researchers, has been one of the sneakiest.&nbsp;</p>



<p>We discussed some of the new techniques and modus operandi used by this actor in our <a href="https://yoroi.company/research/shadows-from-the-past-threaten-italian-enterprises/">previous post</a>, revealing how it leverages modern post exploitation tools even in legacy environments such as old Linux-based machines: with the help of a portable virtual machine, TH-239 is able to move part of its arsenal directly into the victim's internal network.&nbsp;&nbsp;</p>



<p>This time we decided to dissect and share intelligence information about another piece of the TH-239 arsenal: a tiny and mysterious tool dubbed “STEELCORGI” on FireEye <a href="https://www.fireeye.com/blog/threat-research/2020/11/live-off-the-land-an-overview-of-unc1945.html" target="_blank" rel="noopener">research</a>. This tool was heavily protected using a novel technique able to make things really difficult to&nbsp; any DFIR Team tackling with TH-239 intrusion, but it’s contents reveal huge surprises and unattended capabilities.&nbsp;</p>



<h1>Technical Analysis</h1>



<p>One of the most interesting components of the TH-239<strong> </strong>arsenal is an ELF binary file classified as “STEELCORGI”. The tool is presented in the form of an ELF named with the following md5: 0845835e18a3ed4057498250d30a11b1. </p>



<p>This binary is protected in a very aggressive way, let’s see how.</p>



<h2>A Packed ELF</h2>



<p>During the analysis we noticed that this ELF was very far from being readable, we extracted a series of elements confirming us that:</p>



<ul><li>High file dimension (more than 4MB);</li><li>Obfuscated strings;</li><li>Absence of Dynamic &nbsp;and (<em>.dynsym</em>) and Static Symbol Tables (.<em>symtab</em>);</li><li>Absence of <em>section-headers</em> as Anti-reverse engineering Technique;</li><li>High value of entropy &gt; 7.9</li><li>Runtime linking mechanism with <em>dlopen </em>and <em>dlsym</em></li></ul>



<p>As the first step, we focused on the static analysis of the sample in order to reconstruct the high level of sophistication and complexity of the packing. At first impact, strings are obfuscated, the binary is dynamically linked but the dynamic symbols table is empty.&nbsp;</p>



<p>Also, the absence of section-headers is an anti-reverse engineering technique adopted in this packer. Another indicator that the binary is packed is the high value of entropy<em> 7.99</em>, as it is possible to observe in the following picture, on the right we have the whole portion of the ELF binary with compressed data.</p>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh5.googleusercontent.com/iofZzDzcG0PPU00OvGqQ1gaNuV13cr57nIr_qJv8QypAZVBKFelMXqTR3w54WtZRDlbEb1eBo092-7BpZ_jPqVBoyIvbBUuW4L4gvnX9vFPZI8rIWienh4446WQWznCklXjkQOI" alt data-lazy-src="https://lh5.googleusercontent.com/iofZzDzcG0PPU00OvGqQ1gaNuV13cr57nIr_qJv8QypAZVBKFelMXqTR3w54WtZRDlbEb1eBo092-7BpZ_jPqVBoyIvbBUuW4L4gvnX9vFPZI8rIWienh4446WQWznCklXjkQOI?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh5.googleusercontent.com/iofZzDzcG0PPU00OvGqQ1gaNuV13cr57nIr_qJv8QypAZVBKFelMXqTR3w54WtZRDlbEb1eBo092-7BpZ_jPqVBoyIvbBUuW4L4gvnX9vFPZI8rIWienh4446WQWznCklXjkQOI" alt=""/></noscript><figcaption>Figure. High entropy section</figcaption></figure></div>



<p></p>



<p>At this point, we aren’t able to retrieve any other information about the packer, so we have to analyze the malicious routines aimed at unpack the sample. During the code inspection, a very long and complex subroutine emerges and it looks like the following screen:</p>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh6.googleusercontent.com/TWDriw1xRyi8AEC9C-IzYGaAKqgCcTlb84O5-s9JOVB0n3XWzhDixrcqwn4MHJAdCzc4v1K-fxx6secz8pwtHMI98Q-9HaSYgHwSWFKKziN-2784VLcQm76GpWd2CfKcrEzDXlU" alt data-lazy-src="https://lh6.googleusercontent.com/TWDriw1xRyi8AEC9C-IzYGaAKqgCcTlb84O5-s9JOVB0n3XWzhDixrcqwn4MHJAdCzc4v1K-fxx6secz8pwtHMI98Q-9HaSYgHwSWFKKziN-2784VLcQm76GpWd2CfKcrEzDXlU?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh6.googleusercontent.com/TWDriw1xRyi8AEC9C-IzYGaAKqgCcTlb84O5-s9JOVB0n3XWzhDixrcqwn4MHJAdCzc4v1K-fxx6secz8pwtHMI98Q-9HaSYgHwSWFKKziN-2784VLcQm76GpWd2CfKcrEzDXlU" alt=""/></noscript><figcaption>Figure. Part of the decoding routines</figcaption></figure></div>



<p></p>



<p>It is a particular decoding routine instructed to decrypt some other protected code and strings. The code is a complex succession of logic instructions, like xor, shift, or etc. In the end of the decoding routine, the sample performs a check on the environment variables, looking for a custom one installed by the TH-239 operators.&nbsp;</p>



<p>In fact, the environment variable “MCARCH_” contains the decryption key of the protector wrapper. When the malware retrieves the desidered environment variable, it starts the unpacking routine using the key stored in it and then starts the execution of the real payload.</p>



<p>This approach is a great evasion technique because it avoids the execution of the sample in any environments except the ones where TH-239 operators decide to get in.</p>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh4.googleusercontent.com/0xQOQ52vl5wPeS2OGkIN4Vv5XImtYGNHzcRAjExQTQZauSQ5c-AygIXX_gM4gOOzwMqVSIeKhhLt6eENBzRdG7nXfMd2C26ulVTGsvMlJoJUNna-qEfEPlRdFlpX7uVpq_sLn6k" alt data-lazy-src="https://lh4.googleusercontent.com/0xQOQ52vl5wPeS2OGkIN4Vv5XImtYGNHzcRAjExQTQZauSQ5c-AygIXX_gM4gOOzwMqVSIeKhhLt6eENBzRdG7nXfMd2C26ulVTGsvMlJoJUNna-qEfEPlRdFlpX7uVpq_sLn6k?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh4.googleusercontent.com/0xQOQ52vl5wPeS2OGkIN4Vv5XImtYGNHzcRAjExQTQZauSQ5c-AygIXX_gM4gOOzwMqVSIeKhhLt6eENBzRdG7nXfMd2C26ulVTGsvMlJoJUNna-qEfEPlRdFlpX7uVpq_sLn6k" alt=""/></noscript><figcaption>Figure. Environment variable lookup</figcaption></figure></div>



<p></p>



<figure class="wp-block-image size-large"><img loading="lazy" width="1024" height="252" src="https://i0.wp.com/yoroi.company/wp-content/uploads/2021/01/image.png?resize=1024%2C252&#038;ssl=1" alt class="wp-image-4885 jetpack-lazy-image" data-recalc-dims="1" data-lazy-srcset="https://i0.wp.com/yoroi.company/wp-content/uploads/2021/01/image.png?resize=1024%2C252&amp;ssl=1 1024w, https://i0.wp.com/yoroi.company/wp-content/uploads/2021/01/image.png?resize=300%2C74&amp;ssl=1 300w, https://i0.wp.com/yoroi.company/wp-content/uploads/2021/01/image.png?resize=768%2C189&amp;ssl=1 768w, https://i0.wp.com/yoroi.company/wp-content/uploads/2021/01/image.png?w=1221&amp;ssl=1 1221w" data-lazy-sizes="(max-width: 1000px) 100vw, 1000px" data-lazy-src="https://i0.wp.com/yoroi.company/wp-content/uploads/2021/01/image.png?resize=1024%2C252&amp;is-pending-load=1#038;ssl=1" srcset=""><noscript><img loading="lazy" width="1024" height="252" src="https://i0.wp.com/yoroi.company/wp-content/uploads/2021/01/image.png?resize=1024%2C252&#038;ssl=1" alt="" class="wp-image-4885" srcset="https://i0.wp.com/yoroi.company/wp-content/uploads/2021/01/image.png?resize=1024%2C252&amp;ssl=1 1024w, https://i0.wp.com/yoroi.company/wp-content/uploads/2021/01/image.png?resize=300%2C74&amp;ssl=1 300w, https://i0.wp.com/yoroi.company/wp-content/uploads/2021/01/image.png?resize=768%2C189&amp;ssl=1 768w, https://i0.wp.com/yoroi.company/wp-content/uploads/2021/01/image.png?w=1221&amp;ssl=1 1221w" sizes="(max-width: 1000px) 100vw, 1000px" data-recalc-dims="1" /></noscript><figcaption>Figure. Environment variable match (redacted)</figcaption></figure>



<p></p>



<h3>A Closer Look to the Stub</h3>



<p>In addition, this packed ELF is matching some suspicious functions usually found in backdoors using the runtime linking techniques. Following are the functions with their relative offset:</p>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh5.googleusercontent.com/NSXWYB0aZr2HFvGYeKhVX5GV6TJGyKZS8PT_dab66dK8BHtnW2nJg3ZDL7vwaXNm5fR7d_JmFrIg0-puG4ih3vp_SMAzK4paQKRaq5wzmTzd6hhZDHyROOFEoPO4vXj9Wq76SOk" alt data-lazy-src="https://lh5.googleusercontent.com/NSXWYB0aZr2HFvGYeKhVX5GV6TJGyKZS8PT_dab66dK8BHtnW2nJg3ZDL7vwaXNm5fR7d_JmFrIg0-puG4ih3vp_SMAzK4paQKRaq5wzmTzd6hhZDHyROOFEoPO4vXj9Wq76SOk?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh5.googleusercontent.com/NSXWYB0aZr2HFvGYeKhVX5GV6TJGyKZS8PT_dab66dK8BHtnW2nJg3ZDL7vwaXNm5fR7d_JmFrIg0-puG4ih3vp_SMAzK4paQKRaq5wzmTzd6hhZDHyROOFEoPO4vXj9Wq76SOk" alt=""/></noscript><figcaption>Figure. Packed EFL imports</figcaption></figure></div>



<p>The presence of the <em>dlopen </em>and <em>dlsym </em>syscalls inside <em>libdl.so.2</em> is a clear indicator that this ELF uses a runtime linking mechanism by which hides all the dynamic symbols. The <em>dlopen()</em> function loads a shared object into the calling process’s address space (the same of <em>LoadLibrary()</em> in Windows). The symbol resolution is done by the <em>dlsym()</em> syscall which returns the address of the first occurrence of the symbol. Setting a breakpoint on <em>dlopen()</em> we are able to know which libraries are loaded at runtime:</p>



<figure class="wp-block-image"><img src="https://lh6.googleusercontent.com/nTl_zz-ViN5v8v2zaNBA5YMPBsXZnmL8YYhLzZho6tB9xPnqS_CL90Y5COTb73aAYInrMXc-HMHdXmU_HdSixjxDSlNWoZXQs0ucs2XaI5NVxO-aOUx6TK3sbGGMZk1dmV8uTOA" alt data-lazy-src="https://lh6.googleusercontent.com/nTl_zz-ViN5v8v2zaNBA5YMPBsXZnmL8YYhLzZho6tB9xPnqS_CL90Y5COTb73aAYInrMXc-HMHdXmU_HdSixjxDSlNWoZXQs0ucs2XaI5NVxO-aOUx6TK3sbGGMZk1dmV8uTOA?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh6.googleusercontent.com/nTl_zz-ViN5v8v2zaNBA5YMPBsXZnmL8YYhLzZho6tB9xPnqS_CL90Y5COTb73aAYInrMXc-HMHdXmU_HdSixjxDSlNWoZXQs0ucs2XaI5NVxO-aOUx6TK3sbGGMZk1dmV8uTOA" alt=""/></noscript><figcaption>Figure. Libraries dynamically loaded by the stub</figcaption></figure>



<p>Then, in the same way we dump all the symbol resolved at runtime with the <em>dlsym()</em> syscall:</p>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh5.googleusercontent.com/Tafq98KpkwNUfSjrxiUPfeQmFuTlOvekrjbiTseSoBoAhgP_vJsEY11YroKiPwt11hfG_5QDcBnu_G4Zs2pWE_mKofmZuSvU1kQGdH_tOf2UmQArQs-zzGmL-YTira8y0xcByJQ" alt data-lazy-src="https://lh5.googleusercontent.com/Tafq98KpkwNUfSjrxiUPfeQmFuTlOvekrjbiTseSoBoAhgP_vJsEY11YroKiPwt11hfG_5QDcBnu_G4Zs2pWE_mKofmZuSvU1kQGdH_tOf2UmQArQs-zzGmL-YTira8y0xcByJQ?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh5.googleusercontent.com/Tafq98KpkwNUfSjrxiUPfeQmFuTlOvekrjbiTseSoBoAhgP_vJsEY11YroKiPwt11hfG_5QDcBnu_G4Zs2pWE_mKofmZuSvU1kQGdH_tOf2UmQArQs-zzGmL-YTira8y0xcByJQ" alt=""/></noscript><figcaption>Figure. Syscall invoked during the unpacking</figcaption></figure></div>



<p>Inspecting the new unpacked memory,<em> </em>we immediately noticed its structure with all the program headers and section headers, then we found all the loaded new segments mapped into Virtual Memory at specific offset:</p>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh5.googleusercontent.com/upSGjXruxl9X5FCY7A661SjaveVAi7VJafLWLdCRlYNJ9T2n3kLx41xJ4-FKzWkplSeDKD-uSoNhSRHUbUep-qSD7fYWtSfpjjfGPoaBdUm3JAvl32ZwGPU-Co36HxvqXNSj60s" alt data-lazy-src="https://lh5.googleusercontent.com/upSGjXruxl9X5FCY7A661SjaveVAi7VJafLWLdCRlYNJ9T2n3kLx41xJ4-FKzWkplSeDKD-uSoNhSRHUbUep-qSD7fYWtSfpjjfGPoaBdUm3JAvl32ZwGPU-Co36HxvqXNSj60s?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh5.googleusercontent.com/upSGjXruxl9X5FCY7A661SjaveVAi7VJafLWLdCRlYNJ9T2n3kLx41xJ4-FKzWkplSeDKD-uSoNhSRHUbUep-qSD7fYWtSfpjjfGPoaBdUm3JAvl32ZwGPU-Co36HxvqXNSj60s" alt=""/></noscript><figcaption>Figure. Unpacked memory sections</figcaption></figure></div>



<p>These LOAD<em> </em>segments contain unpacked payload: it has different size than and the number of program-headers and section-headers are also different. The unpacked version have a lot of clear-text LOAD sections that was previously unpacked from memory, the following image summarize the unpacked memory regions (the bar on the right):</p>



<figure class="wp-block-image"><img src="https://lh6.googleusercontent.com/XLNh5JDDpd7zA9qmhfPu2bhmfAkad7PCWVmWChL9tIaDMktpBJpMP5ab7T3GmasiIahW0EMALm8whPzsUma7c4pj7e78CU9qykf3WVpzoi_jCqAdbvkpvgSV8alVpHnoWTxsjmE" alt data-lazy-src="https://lh6.googleusercontent.com/XLNh5JDDpd7zA9qmhfPu2bhmfAkad7PCWVmWChL9tIaDMktpBJpMP5ab7T3GmasiIahW0EMALm8whPzsUma7c4pj7e78CU9qykf3WVpzoi_jCqAdbvkpvgSV8alVpHnoWTxsjmE?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh6.googleusercontent.com/XLNh5JDDpd7zA9qmhfPu2bhmfAkad7PCWVmWChL9tIaDMktpBJpMP5ab7T3GmasiIahW0EMALm8whPzsUma7c4pj7e78CU9qykf3WVpzoi_jCqAdbvkpvgSV8alVpHnoWTxsjmE" alt=""/></noscript><figcaption>Figure. Segment difference</figcaption></figure>



<p>Inspecting all these unpacked regions (in red), we found some dictionaries used by the backdoor for enumeration or brute force. This is very interesting because it shows us the real capabilities and the&nbsp; magnitude of this Kill Chain. More details in the following sections.</p>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh6.googleusercontent.com/UWmLYfEeAto199ZeZjo1OFnkov7G891-6UWkY3WeSG2Kar7AN9hMztNXSAc4UTqcejoRmPVZ-Fj83tDdxPzPCZiOv4czK9bfa6n6VcTP_GKr-MrmKVoSB-ChRa2ouSN6KOHLLwU" alt data-lazy-src="https://lh6.googleusercontent.com/UWmLYfEeAto199ZeZjo1OFnkov7G891-6UWkY3WeSG2Kar7AN9hMztNXSAc4UTqcejoRmPVZ-Fj83tDdxPzPCZiOv4czK9bfa6n6VcTP_GKr-MrmKVoSB-ChRa2ouSN6KOHLLwU?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh6.googleusercontent.com/UWmLYfEeAto199ZeZjo1OFnkov7G891-6UWkY3WeSG2Kar7AN9hMztNXSAc4UTqcejoRmPVZ-Fj83tDdxPzPCZiOv4czK9bfa6n6VcTP_GKr-MrmKVoSB-ChRa2ouSN6KOHLLwU" alt=""/></noscript></figure></div>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh3.googleusercontent.com/bTNAKMteemQ23hnMSwYq1Ssf1zNBD3IvFyV2QPYNti3j_ZWhu5x_jhmPOi3aeEZn_PnqlJeXWCYYN9UjaxgdQlv3Q70cUFq6UXSs3WUV6OUAat9YrCZOMsXg7GN0VnVUq3I1wMg" alt data-lazy-src="https://lh3.googleusercontent.com/bTNAKMteemQ23hnMSwYq1Ssf1zNBD3IvFyV2QPYNti3j_ZWhu5x_jhmPOi3aeEZn_PnqlJeXWCYYN9UjaxgdQlv3Q70cUFq6UXSs3WUV6OUAat9YrCZOMsXg7GN0VnVUq3I1wMg?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh3.googleusercontent.com/bTNAKMteemQ23hnMSwYq1Ssf1zNBD3IvFyV2QPYNti3j_ZWhu5x_jhmPOi3aeEZn_PnqlJeXWCYYN9UjaxgdQlv3Q70cUFq6UXSs3WUV6OUAat9YrCZOMsXg7GN0VnVUq3I1wMg" alt=""/></noscript></figure></div>



<p class="has-text-align-center">Figure. Wordlists and dictionaries inside the ELF binary</p>



<h2>The APT Swiss Army Knife</h2>



<p>At this point of the analysis, we want to provide an overview of the capabilities of this malware sample. It is a complete toolset for reconnaissance, lateral movement, exploitation and post exploitation activities. When the toolset is launched, it shows the complete menu with all the possible commands.</p>



<figure class="wp-block-image"><img src="https://lh5.googleusercontent.com/AqMRpPwuVLx1UOQzlnXgEU8mxIw13Mjwb7qyxB0qo0hKt5Yb8_-uUNyDj16cyzwwVd4yJXl6Fy5XRT1LWr_1bXybLCIP8AL2TqtErEnJevo9qLREyLlxzwylpl1uZR0LPdVlUKA" alt data-lazy-src="https://lh5.googleusercontent.com/AqMRpPwuVLx1UOQzlnXgEU8mxIw13Mjwb7qyxB0qo0hKt5Yb8_-uUNyDj16cyzwwVd4yJXl6Fy5XRT1LWr_1bXybLCIP8AL2TqtErEnJevo9qLREyLlxzwylpl1uZR0LPdVlUKA?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh5.googleusercontent.com/AqMRpPwuVLx1UOQzlnXgEU8mxIw13Mjwb7qyxB0qo0hKt5Yb8_-uUNyDj16cyzwwVd4yJXl6Fy5XRT1LWr_1bXybLCIP8AL2TqtErEnJevo9qLREyLlxzwylpl1uZR0LPdVlUKA" alt=""/></noscript><figcaption>Figure. Malware tool help&nbsp;</figcaption></figure>



<p>One of the sneakiest commands we noticed is the “bleach” one, able to delete all btmp wtmp and btmp logs. The btmp log keeps track of failed login attempts; wtmp gives historical data of utmp and btmp provides the complete picture of users logins at which terminals, logouts, system events and current status of the system, system boot time (used by uptime) etc. It is also able to clean Syslog logs in&nbsp; /var/log/syslog, /var/log/messages, /var/log/secure and&nbsp; /var/log/auth.log or optionally all of them with the “-A” flag (utmp+wtmp+lastlog+syslog) which is the default.</p>



<p>There is also the possibility to apply the so-called “Clean Filters” to clean logs for specific users or ip or according to date etc.</p>



<pre class="wp-block-code"><code> clean (filters):  [-n &lt;user&gt;]    to filter by user    (can be set multiple times)
|                   [-t &lt;tty&gt;]     to filter by tty     (can be set multiple times)
|                   [-i &lt;ip|host&gt;] to filter by ip/host (can be set multiple times)
|                   [-p &lt;pid&gt;]     to filter by pid     (can be set multiple times)
|                   [-d &lt;date&gt;]    to filter by date    (can be set multiple times)
|                   [-g &lt;str&gt;]     to filter by string  (can be set multiple times
</code></pre>



<p>Is clear that the usage of the “bleach” parameter during an intrusion results in hard times for the DFIR team.</p>



<figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/GKO8WUUanroOPopVRvLcXXD1CTqgh8YivoGBL4YTms6NPjwiXbmbbVKQEUVE83Lf_lF-xyQRKeqtFu4FmHQdkyDSa7W4uO8Wkcg43-US22Nnr1U80j-vaihwg744ktR2Iv9iNQE" alt data-lazy-src="https://lh3.googleusercontent.com/GKO8WUUanroOPopVRvLcXXD1CTqgh8YivoGBL4YTms6NPjwiXbmbbVKQEUVE83Lf_lF-xyQRKeqtFu4FmHQdkyDSa7W4uO8Wkcg43-US22Nnr1U80j-vaihwg744ktR2Iv9iNQE?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh3.googleusercontent.com/GKO8WUUanroOPopVRvLcXXD1CTqgh8YivoGBL4YTms6NPjwiXbmbbVKQEUVE83Lf_lF-xyQRKeqtFu4FmHQdkyDSa7W4uO8Wkcg43-US22Nnr1U80j-vaihwg744ktR2Iv9iNQE" alt=""/></noscript><figcaption>Figure. Bleach parameter execution</figcaption></figure>



<p>However the functionalities and tools embedded in this ELF binary are really wide and this is exactly why we referenced the tool as an APT swiss army knife. Here we sum up a list of the most interesting ones among the enlisting of all the available commands.&nbsp;</p>



<pre class="wp-block-code"><code>sendmail [ sun4me | demo | unixcat | nc110 | netcat | netcat-ssl | telnet | traceroute | traceroute-tcp | traceroute-tcpfin | traceroute-udp | traceroute-icmp | traceroute-all | sctpscan | sdporn | onesixtyone | snmpgrab | tftpd | ciscopush | ciscown | ciscomg | HEAD | GET | ssleak | rmiexec | pogo | pogo2 | elogic | Cmd | backfire | netbackup | netrider | sniff | bleach | nfsshell | mikrotik-client | sid-force | ssh-user | sshock | ssh | arpmap | ricochet | mac2vendor | ip2country | ipgen | ipsort | ipcalc | range2class | crunch | words.pl | passgen | passcheck | getpass | decrypt-cisco | decrypt-vnc | decrypt-cvs | wmon | pmon | lemon | pty | exec | nsexec | nsexec2 | setns | dumpkcore | dumpmem | pcregrep | xxd | strings | sstrip | shred | md5sum | sha1sum | sha256sum | compress | uncompress | encrypt | decrypt | uuencode | uudecode | base64 | whois | whob | resolv | ahost | adig | axfr | asrv | aspf | periscope | scanip.sh | aliveips.sh | brutus.pl | enum4linux.pl | snmpcheck.pl | = | _ | . | -? ] [options] [args]                                                                                                                                              

sendmail [ s4m | demo | ucat | nc110 | nc | ncs | tel | tr | trt | trf | tru | tri | tra | sctp | sd | sn | sg | tf | ccp | cco | ccg | HEAD | GET | ssleak | rmiexec | pogo | pogo2 | el | Cmd | bf | nb | nr | sni | clean | nfs | mikro | sid | sshu | ss | ssh | arp | rick | mac | ip2c | ipg | ips | ipc | r2c | crunch | words | lp | pcheck | gpass | dec-cisco | dec-vnc | dec-cvs | wmon | pmon | emon | pty | exec | nsexec | nsexec2 | setns | kcore | dmem | grep | xxd | str | strip | srm | md5 | sha1 | sha256 | comp | uncomp | enc | dec | uue | uud | b64 | whois | whob | res | host | dig | axfr | asrv | aspf | scope | scanip | aliveips | brutus | e4l | snmpcheck | = | _ | . | ? ] [options] [args]</code></pre>



<p>The amount of available commands is simply impressive: some are known system utilities, some others are offensive scripts, other ones known hacking tools and other ones mysterious, custom commands.To sum up, we noticed at least four categories of tools embedded in this single ELF binary:&nbsp;</p>



<ul><li><strong>Network and Enumeration Tools </strong>such as<strong> </strong>netcat, unixcat, netcat-ssl, telnet, traceroute, traceroute-tcp, traceroute-tcpfin, traceroute-udp, traceroute-icmp | traceroute-all, tftpd, HEAD, GET, sniff, nfsshell, ssh, ricochet,<strong> </strong>axfr<strong>, </strong>,whois, scanip, sctpscan, sdporn, rmiexec, arpmap, whois, who, ahost, resolv, adig, axfr,&nbsp; asrv,&nbsp; aspf, periscope, scanip.sh, aliveips.sh, brutus.pl, enum4linux.pl, mikro, ss, sshu, onesixtyone, snmpgrab, snmpcheck, ciscopush, mikrotik-client.</li><li><strong>Anti-Forensics </strong>tools such as<strong> </strong>bleach, clean.</li><li><strong>System Utilities </strong>such as<strong> </strong>md5, sha1<strong>, </strong>mac2vendor, xxd, cmd, netbackup, ip2country, ipgen, ipsort, ipcalc, range2class, crunch, words.pl, passgen, passcheck, getpass, wmon, pmon, pty, exec, nsexec, nsexec2, setns, dumpkcore, dumpmem, pcregrep, strings, sstrip, shred, md5sum, sha1sum, sha256sum, compress, uncompress, encrypt, decrypt, uuencode , uudecode, base64.</li><li><strong>Escalation and Exploitation</strong> tools like ssleak, decrypt-vpn, pogo, pogo2, sid-force, sshock, decrypt-cisco, decrypt-vnc,&nbsp; decrypt-cvs.</li></ul>



<p>There are tools for enumeration such as arp, dns, active directory, whois, ip enumeration and so on, some network tools and utilities for supporting exploiting and enumerations operations, also some exploitation and decryption tools specifically for CISCO, VNC, CVS and Mikrotik systems.</p>



<p>But some of them require a little deep dive.</p>



<h3>SShock</h3>



<p>SShock is a tool used to bruteforce SSH logins. In fact it is possible to specify an user list <em>(-u arg</em>) and a password list (<em>-p arg</em>), as shown in the following figure:</p>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh6.googleusercontent.com/KEl9MIyiYRN0HolnDyZYr6T-0-mOAoulPhAjXeDz9lpsQy0Xqabmf2nNmiYcRLv22vFzWv-VH7WdpFClfJzMyQSTGQo1g_aQ-XltCjSBwvZEq0TIKvoC4FNvq0LXfrrR5dRNiwU" alt data-lazy-src="https://lh6.googleusercontent.com/KEl9MIyiYRN0HolnDyZYr6T-0-mOAoulPhAjXeDz9lpsQy0Xqabmf2nNmiYcRLv22vFzWv-VH7WdpFClfJzMyQSTGQo1g_aQ-XltCjSBwvZEq0TIKvoC4FNvq0LXfrrR5dRNiwU?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh6.googleusercontent.com/KEl9MIyiYRN0HolnDyZYr6T-0-mOAoulPhAjXeDz9lpsQy0Xqabmf2nNmiYcRLv22vFzWv-VH7WdpFClfJzMyQSTGQo1g_aQ-XltCjSBwvZEq0TIKvoC4FNvq0LXfrrR5dRNiwU" alt=""/></noscript><figcaption>Figure. SShock help file&nbsp;</figcaption></figure></div>



<p>Another interesting thing of the tool is the possibility (with the <em>-E</em> flag) to specify some input file to upload and execute which will then be removed.</p>



<h3>Lemon</h3>



<p>Lemon is a very powerful monitoring utility which is capable of monitoring all system events such as (fork, exec, exit, core etc) of specific processes or users. All monitored events could be filtered with specific switches <em>(-p, -c, -u</em>). Below the tool’s help menu is show:</p>



<p class="has-text-align-center"><img loading="lazy" width="624" height="217" src="https://lh5.googleusercontent.com/NoEusgvHyOZY9708mpwUcudU32XNfayRL02owOFusXsuUp_PMSs3DP5sjhe5wTwVLt_2Vh0p9ITk3ClMyVeSAJgPXbD32UE5llD7rmGZ7at8ND9W1fNxuoWoYw7JD_qYZdNPPx4" data-lazy-src="https://lh5.googleusercontent.com/NoEusgvHyOZY9708mpwUcudU32XNfayRL02owOFusXsuUp_PMSs3DP5sjhe5wTwVLt_2Vh0p9ITk3ClMyVeSAJgPXbD32UE5llD7rmGZ7at8ND9W1fNxuoWoYw7JD_qYZdNPPx4?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img loading="lazy" width="624" height="217" src="https://lh5.googleusercontent.com/NoEusgvHyOZY9708mpwUcudU32XNfayRL02owOFusXsuUp_PMSs3DP5sjhe5wTwVLt_2Vh0p9ITk3ClMyVeSAJgPXbD32UE5llD7rmGZ7at8ND9W1fNxuoWoYw7JD_qYZdNPPx4"></noscript></p>



<p class="has-text-align-center">Figure. Lemon help file</p>



<p>For instance, it is possible to monitor all events related to specific user using the following switches lemon -u &lt;username&gt; -e all, in this case we monitor all system events related to kali user:</p>



<figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/E4r7bmXi4C3BSNQiuYSEnUK8MhBzppQhjrl0PS-4LAvDWDRyQ-GbmDZXBxy-XxMHLKWji2G0htixarFR30NZ1U0V74xFhMogjHn0sy_wTErSp4Yc7zlZaA16b4LS_6_oZp0x5Hg" alt data-lazy-src="https://lh3.googleusercontent.com/E4r7bmXi4C3BSNQiuYSEnUK8MhBzppQhjrl0PS-4LAvDWDRyQ-GbmDZXBxy-XxMHLKWji2G0htixarFR30NZ1U0V74xFhMogjHn0sy_wTErSp4Yc7zlZaA16b4LS_6_oZp0x5Hg?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh3.googleusercontent.com/E4r7bmXi4C3BSNQiuYSEnUK8MhBzppQhjrl0PS-4LAvDWDRyQ-GbmDZXBxy-XxMHLKWji2G0htixarFR30NZ1U0V74xFhMogjHn0sy_wTErSp4Yc7zlZaA16b4LS_6_oZp0x5Hg" alt=""/></noscript><figcaption>Figure. Lemon test run</figcaption></figure>



<p>Using this tool it is possible to monitor and track specific user’s activities on specific machines (or multiple machines) in order to spot the presence of specific users in some timeframe.&nbsp;</p>



<h3>Ssleak</h3>



<p>Ssleak is an utility to sniff SSL traffic. It is possible to specify a target and then dump all packets sent to and from in order to leak some information such as the server’s certificate, server’s canonical names etc.&nbsp;</p>



<figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/6I7mdweI226X4BeV7fSE-yfkB2dm0s0W6LUOBKULckbCNGEbHfZL-QYi26vNg8BycPRrZaWyq0H8EhE6OJL34uVr7IWQe2jStF7YneR1mCRi-j1sWp2r2CWMZm8KQkbNg8yADTI" alt data-lazy-src="https://lh4.googleusercontent.com/6I7mdweI226X4BeV7fSE-yfkB2dm0s0W6LUOBKULckbCNGEbHfZL-QYi26vNg8BycPRrZaWyq0H8EhE6OJL34uVr7IWQe2jStF7YneR1mCRi-j1sWp2r2CWMZm8KQkbNg8yADTI?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh4.googleusercontent.com/6I7mdweI226X4BeV7fSE-yfkB2dm0s0W6LUOBKULckbCNGEbHfZL-QYi26vNg8BycPRrZaWyq0H8EhE6OJL34uVr7IWQe2jStF7YneR1mCRi-j1sWp2r2CWMZm8KQkbNg8yADTI" alt=""/></noscript><figcaption>Figure. SSLeak help file&nbsp;&nbsp;</figcaption></figure>



<p>Moreover it is also possible to exploit Heartbleed Vulnerability (CVE-2014-0160) with custom-forged heartbeat packets with a fake length with<em> -s</em> switch and print also the hexdump of such leak with -<em>x</em> switch.</p>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh3.googleusercontent.com/WDyNauD8OvawH-BJo29ajBDEenv6vIerZ2Mxs4eHCMZX-Eta8cPzwzrx9kw_RW0GNrdXNzhyv1FFghyalfTD7qtVRHyv5vswH0CTF-zSvGeM1wzw4aLErZ8oIHYFdqRp4HE8Gjw" alt data-lazy-src="https://lh3.googleusercontent.com/WDyNauD8OvawH-BJo29ajBDEenv6vIerZ2Mxs4eHCMZX-Eta8cPzwzrx9kw_RW0GNrdXNzhyv1FFghyalfTD7qtVRHyv5vswH0CTF-zSvGeM1wzw4aLErZ8oIHYFdqRp4HE8Gjw?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh3.googleusercontent.com/WDyNauD8OvawH-BJo29ajBDEenv6vIerZ2Mxs4eHCMZX-Eta8cPzwzrx9kw_RW0GNrdXNzhyv1FFghyalfTD7qtVRHyv5vswH0CTF-zSvGeM1wzw4aLErZ8oIHYFdqRp4HE8Gjw" alt=""/></noscript><figcaption>Figure. SSLeak test run</figcaption></figure></div>



<h3>Backfire</h3>



<p>Backfire is a tool used to establish and manage connect-back (or reverse) shells. A reverse shell permits to establish a connection between the compromised host (pivot) and the target machine when the target machine is not directly accessible for several reasons. For instance to perform maintenance tasks on hosts behind firewalls or NAT.&nbsp;</p>



<p>As, shown in the following screen, <em>backfire </em>provides the execution of such commands (<em>-c commands</em>) through a connect-back connection that is possible to spawn with -S flag or with -s &lt;commands&gt;</p>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh4.googleusercontent.com/g6e0TvmhPn9x8zhbm3jUYnGeWYMcp53xzWbsTG6ph0XI0FxqHtxnRC2SGtN2wJCqC9wA5_lolCJCELsKegjUmfN4r-mdTvWp0me6jVWAQRZWrXOCeX7smcsgJ7pZ_8fMmeRRI0I" alt data-lazy-src="https://lh4.googleusercontent.com/g6e0TvmhPn9x8zhbm3jUYnGeWYMcp53xzWbsTG6ph0XI0FxqHtxnRC2SGtN2wJCqC9wA5_lolCJCELsKegjUmfN4r-mdTvWp0me6jVWAQRZWrXOCeX7smcsgJ7pZ_8fMmeRRI0I?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh4.googleusercontent.com/g6e0TvmhPn9x8zhbm3jUYnGeWYMcp53xzWbsTG6ph0XI0FxqHtxnRC2SGtN2wJCqC9wA5_lolCJCELsKegjUmfN4r-mdTvWp0me6jVWAQRZWrXOCeX7smcsgJ7pZ_8fMmeRRI0I" alt=""/></noscript><figcaption>Figure. Backfire help file</figcaption></figure></div>



<h3>Ricochet</h3>



<p>Ricochet is a powerful utility for packet spoofing and FW ACL assessment. The tool can act as a client or a server. The client version permits to forge IP-PROTO/ICMP/UDP/TCP packets in order to test fw ACLs while the server is used to listen for replies coming from the firewall. It is possible to use 2 different methods. One is called <em>spoof (method #1) to spoof packets </em>and the other is <em>rick (method#2</em>) which stands for “ricochet” used also to spoof the address and port of the outgoing requests:</p>



<div class="wp-block-image"><figure class="aligncenter"><img src="https://lh5.googleusercontent.com/6qRNpy9Do0a5oywwuBRJJFOH_uxdvFqGXmOBVNJstIxHdDo5Fv_-hXHFC7FwkXWGgYcot5mK8OXZEg1IidwEUxzJ8pKzADCBoD8EhEQ3dmTn6RIi12qCY-cE8nArMdvdcxAPDSY" alt data-lazy-src="https://lh5.googleusercontent.com/6qRNpy9Do0a5oywwuBRJJFOH_uxdvFqGXmOBVNJstIxHdDo5Fv_-hXHFC7FwkXWGgYcot5mK8OXZEg1IidwEUxzJ8pKzADCBoD8EhEQ3dmTn6RIi12qCY-cE8nArMdvdcxAPDSY?is-pending-load=1" srcset="" class=" jetpack-lazy-image"><noscript><img src="https://lh5.googleusercontent.com/6qRNpy9Do0a5oywwuBRJJFOH_uxdvFqGXmOBVNJstIxHdDo5Fv_-hXHFC7FwkXWGgYcot5mK8OXZEg1IidwEUxzJ8pKzADCBoD8EhEQ3dmTn6RIi12qCY-cE8nArMdvdcxAPDSY" alt=""/></noscript><figcaption>Figure. Ricochet help file</figcaption></figure></div>



<h1>Conclusion</h1>



<p>The versatility of the “STEELCORGI” tool used by TH-239 is really impressive: all such capabilities embedded in a single, standalone, ready to deploy binary file, potentially enabling the attacker to establish a hidden communication channel, to recon internal network and to step in remote endpoint abusing various techniques. Also, this sort of “swiss army knife” was also heavily protected in a way that could be activated only during an actual intrusion, because the activation key is inoculated into the compromises system directly by the malicious operators, at run time.&nbsp;&nbsp;</p>



<p>All these facts are reminding us how dangerous and slimy an advanced intruder could sneak into the company network: tackling such kinds of threats requires advanced intelligence and analysis capabilities.&nbsp;</p>



<h1>Appendix</h1>



<h2>Indicator of Compromise</h2>



<p>Hash:</p>



<figure class="wp-block-table"><table><tbody><tr><td>0845835e18a3ed4057498250d30a11b1</td></tr></tbody></table></figure>



<p>Yara:</p>



<pre class="wp-block-code"><code>rule ELF_packed_STEELCORGI_backdoor_UNC1945{
 meta:
   description = "Yara Rule for packed ELF backdoor of UNC1945"
   author = "Yoroi Malware Zlab"
   last_updated = "2020_12_21"
   tlp = "white"

   category = "informational"
  
strings:

$s1={4? 88 47 3c c1 6c ?4 34 08 8a 54 ?? ?? 4? 88 57 3d c1 6c}
$s2={0f b6 5? ?? 0f b6 4? ?? 4? c1 e2 18 4? c1 e0 10 4? }
$s3={8a 03 84 c0 74 ?? 3c 3d 75 ?? 3c 3d 75 ?? c6 03 00 4? 8b 7d 00}
$s4={01 c6 89 44 ?? ?? 8b 44 ?? ?? 31 f2 89 74 ?? ?? c1}
$s5={ 4? 89 d8 4? 31 f2 4? c1 e0 13 4? 01 d7 4? }

condition:
   uint32(0) == 0x464c457f and 3 of them
}


rule ELF_unpacked_STEELCORGI_backdoor_UNC1945{
 meta:
   description = "Yara Rule for unpacked ELF backdoor of UNC1945"
   author = "Yoroi Malware Zlab"
   last_updated = "2020_12_21"
   tlp = "white"
   category = "informational"
  
strings:
$s1="MCARC"
$s2="833fc0088ea41bc3331db60ae2.debug"
$s3="PORA1022"
$s4="server"
$s5="test"
$s6="no ejecutar git-update-server-info"
$s7="dlopen"
$s8="dlsym"
$s9="5d5c6da19e62263f67ca63f8bedeb6.debug"
$s10={72 69 6E 74 20 22 5B 56 5D 20 41 74 74 65 6D 70 74 69 6E 67 20 74 6F 20 67 65 74 20 4F 53 20 69 6E 66 6F 20 77 69 74 68 20 63 6F 6D 6D 61 6E 64 3A 20 24 63 6F 6D 6D 61 6E 64 5C 6E 22 20 69 66 20 24 76 65 72 62 6F 73 65 3B}

condition:
 all of them and #s4&gt;50 and #s5&gt;20
}
</code></pre>



<p class="has-text-align-center"><em>This blog post was authored by Luigi Martire, Antonio Pirozzi and Luca Mella of Yoroi Malware ZLAB</em></p>
</span></div></div></section></div></main><footer id="section-3-8" class=" ct-section footer" ><div class="ct-section-inner-wrap"><div id="new_columns-5-8" class="ct-new-columns footer__cols" ><div id="div_block-6-8" class="ct-div-block" ><div id="div_block-16-8" class="ct-div-block footer__container" ><h4 id="headline-22-8" class="ct-headline footer__heading">Seat</h4><div id="text_block-24-8" class="ct-text-block footer__text" >Yoroi S.r.l.</div><a id="link_text-48-8" class="ct-link-text footer__link" href="https://maps.google.com/?q=Via%20Giovanni%20Battista%20Martini%206,%20Roma%20RM,%2000198" target="_blank">Piazza Sallustio, 9<br>00187 Roma (RM)</a></div><div id="div_block-19-8" class="ct-div-block footer__container" ><h4 id="headline-51-8" class="ct-headline footer__heading">Contact</h4><a id="link_text-127-8" class="ct-link-text footer__link" href="/cdn-cgi/l/email-protection#f69f989099b68f9984999fd895999b8697988f" target="_blank"><span class="__cf_email__" data-cfemail="731a1d151c330a1c011c1a5d101c1e03121d0a">[email&#160;protected]</span></a><a id="link_text-176-8" class="ct-link-text footer__link" href="tel:+39%20051%200301005" target="_blank"  >+39 051 0301005</a></div><div id="div_block-20-8" class="ct-div-block footer__container" ><h4 id="headline-53-8" class="ct-headline footer__heading">Legal</h4><a id="link_text-134-8" class="ct-link-text footer__link" href="https://yoroi.company/terms-conditions" target="_blank"  >Terms &amp; Conditions</a><a id="link_text-132-8" class="ct-link-text footer__link" href="https://yoroi.company/privacy-policy/" target="_blank"  >Privacy Policy</a><a id="link_text-185-8" class="ct-link-text footer__link" href="https://yoroi.company/cookie/" target="_blank"  >Cookie Policy</a></div><div id="div_block-21-8" class="ct-div-block footer__container" ><h4 id="headline-55-8" class="ct-headline footer__heading">Warning system</h4><a id="link_text-140-8" class="ct-link-text footer__link" href="https://yoroi.company/downloads/" target="_self"  >Subscribe to our early warning system</a><a id="link_text-149-8" class="ct-link-text footer__link" href="https://yoroi.company/downloads/" target="_self"  >Downloads</a><a id="link_text-141-8" class="ct-link-text footer__link" href="https://yoroi.company/news/" target="_self"  >News</a></div></div><div id="div_block-7-8" class="ct-div-block " ><div id="div_block-27-8" class="ct-div-block footer__box" ><div id="div_block-30-8" class="ct-div-block" ><h4 id="headline-28-8" class="ct-headline footer__heading">Social</h4><div id="_social_icons-62-8" class="oxy-social-icons" ><a href='https://www.facebook.com/weareyoroi/' target='_blank' class='oxy-social-icons-facebook'><svg><use xlink:href='#oxy-social-icons-icon-facebook'></use></svg></a><a href='https://twitter.com/yoroisecurity' target='_blank' class='oxy-social-icons-twitter'><svg><use xlink:href='#oxy-social-icons-icon-twitter'></use></svg></a><a href='https://www.linkedin.com/company/yoroi/' target='_blank' class='oxy-social-icons-linkedin'><svg><use xlink:href='#oxy-social-icons-icon-linkedin'></use></svg></a><a href='https://www.youtube.com/channel/UCb3woWzGtRO8tYHHpje3AMA' target='_blank' class='oxy-social-icons-youtube'><svg><use xlink:href='#oxy-social-icons-icon-youtube'></use></svg></a></div></div></div></div></div><div id="new_columns-32-8" class="ct-new-columns footer__cols" ><div id="div_block-33-8" class="ct-div-block" ><div id="div_block-44-8" class="ct-div-block footer__box" ><div id="text_block-180-8" class="ct-text-block footer__text" >P.IVA. 03407741200 - R.E.A. RM 1559639 - Codice Fiscale 03407741200 - Capitale Sociale: Euro 100.000 IV</div><div id="text_block-45-8" class="ct-text-block footer__text" >Yoroi S.r.l. società soggetta ad attività di direzione e coordinamento esercitata dalla Tinexta S.p.A.</div></div></div><div id="div_block-40-8" class="ct-div-block " ><div id="div_block-41-8" class="ct-div-block footer__box footer__box--end" ><a id="link-179-8" class="ct-link" href="https://www.trusted-introducer.org/directory/teams/cert-yoroi.html" target="_self"  ><img id="image-177-8" alt="" src="https://yoroi.company/wp-content/uploads/2021/09/logo_tinexta-ai_3.png" class="ct-image" data-lazy="true"/></a><a id="link-182-8" class="ct-link" href="https://www.trusted-introducer.org/directory/teams/cert-yoroi.html" target="_self"  ><img id="image-183-8" alt="" src="https://yoroi.company/wp-content/uploads/2021/03/image-16.png" class="ct-image"/></a><div id="div_block-42-8" class="ct-div-block" ><a id="link-124-8" class="ct-link" href="https://yoroi.company/" target="_self"  ><img id="image-123-8" alt="Logo" src="https://yoroi.company/wp-content/uploads/2021/10/LOGO_YOROI_TC_WHITE-1.png" class="ct-image"/></a></div></div></div></div><div id="credits" class="ct-div-block" ><p id="simplenetworks" class="ct-text-block" >credits: <b>SimpleNetworks</b></p></div></div></footer><div id="code_block-133-8" class="ct-code-block" ><div class="cursor-dot-outline"></div>
<div class="cursor-dot"></div></div>            <div class="oxy-modal-backdrop  "
                style="background-color: rgba(0,0,0,0.5);"
                data-trigger="user_clicks_element"                data-trigger-selector="#link_text-140-8"                data-trigger-time="5"                data-trigger-time-unit="seconds"                data-close-automatically="no"                data-close-after-time="10"                data-close-after-time-unit="seconds"                data-trigger_scroll_amount="50"                data-trigger_scroll_direction="down"	            data-scroll_to_selector=""	            data-time_inactive="60"	            data-time-inactive-unit="seconds"	            data-number_of_clicks="3"	            data-close_on_esc="on"	            data-number_of_page_views="3"                data-close-after-form-submit="no"                data-open-again="always_show"                data-open-again-after-days="3"            >

                <div id="modal-168-8" class="ct-modal modal" ><a id="link_button-169-8" class="ct-link-button oxy-close-modal close-button" href="http://" target="_self"  >×</a><div id="div_block-170-8" class="ct-div-block modal__content" ><h3 id="headline-171-8" class="ct-headline modal__heading">Subscribe to our early warning system</h3><div id="shortcode-174-8" class="ct-shortcode shortcode-form" ><div role="form" class="wpcf7" id="wpcf7-f223-o1" lang="en-US" dir="ltr">
<div class="screen-reader-response"><p role="status" aria-live="polite" aria-atomic="true"></p> <ul></ul></div>
<form action="/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/#wpcf7-f223-o1" method="post" class="wpcf7-form init" novalidate="novalidate" data-status="init">
<div style="display: none;">
<input type="hidden" name="_wpcf7" value="223" />
<input type="hidden" name="_wpcf7_version" value="5.5.2" />
<input type="hidden" name="_wpcf7_locale" value="en_US" />
<input type="hidden" name="_wpcf7_unit_tag" value="wpcf7-f223-o1" />
<input type="hidden" name="_wpcf7_container_post" value="0" />
<input type="hidden" name="_wpcf7_posted_data_hash" value="" />
<input type="hidden" name="_wpcf7_recaptcha_response" value="" />
</div>
<div class="form__field">
   <label class="form__label">Name *</label><br />
   <span class="wpcf7-form-control-wrap warning-name"><input type="text" name="warning-name" value="" size="40" class="wpcf7-form-control wpcf7-text wpcf7-validates-as-required form__input" aria-required="true" aria-invalid="false" /></span>
</div>
<div class="form__field">
   <label class="form__label">Last Name *</label><br />
   <span class="wpcf7-form-control-wrap warning-lastname"><input type="text" name="warning-lastname" value="" size="40" class="wpcf7-form-control wpcf7-text wpcf7-validates-as-required form__input" aria-required="true" aria-invalid="false" /></span>
</div>
<div class="form__field">
   <label class="form__label">Company *</label><br />
   <span class="wpcf7-form-control-wrap warning-company"><input type="text" name="warning-company" value="" size="40" class="wpcf7-form-control wpcf7-text wpcf7-validates-as-required form__input" aria-required="true" aria-invalid="false" /></span>
</div>
<div class="form__field">
   <label class="form__label">Email *</label><br />
   <span class="wpcf7-form-control-wrap warning-email"><input type="email" name="warning-email" value="" size="40" class="wpcf7-form-control wpcf7-text wpcf7-email wpcf7-validates-as-required wpcf7-validates-as-email form__input" aria-required="true" aria-invalid="false" /></span>
</div>
<div class="form__field">
   <label class="form__label">Details</label><br />
   <span class="wpcf7-form-control-wrap warning-textarea"><textarea name="warning-textarea" cols="40" rows="10" class="wpcf7-form-control wpcf7-textarea form__input" aria-invalid="false"></textarea></span>
</div>
<div class="form__field">
   <label class="form__terms"><br />
      <span class="wpcf7-form-control-wrap warning-acceptance"><span class="wpcf7-form-control wpcf7-acceptance"><span class="wpcf7-list-item"><input type="checkbox" name="warning-acceptance" value="1" aria-invalid="false" class="form__checkbok" /></span></span></span><br />
      <span>Io sottoscritto dichiaro di aver letto e compreso l’<a href="https://yoroi.company/privacy-policy/" target="_blank">informativa privacy</a> resa ai sensi dell’art. 13 e autorizzo il Titolare del trattamento alla raccolta dei miei dati personali secondo le modalità e per le finalità ivi descritte.<span><br />
   </label>
</div>
<div class="form__field">
   <label class="form__terms"><br />
      <span class="wpcf7-form-control-wrap warning-acceptance-commercial"><span class="wpcf7-form-control wpcf7-acceptance optional"><span class="wpcf7-list-item"><input type="checkbox" name="warning-acceptance-commercial" value="1" aria-invalid="false" class="form__checkbok" /></span></span></span><br />
      <span>Io sottoscritto autorizzo il Titolare del trattamento alla raccolta dei miei dati personali secondo le modalità descritte nell’<a href="https://yoroi.company/privacy-policy/" target="_blank">informativa privacy</a> per l’invio di comunicazioni commerciali e/o promozionali anche tramite l’invio di newsletter<span><br />
   </label>
</div>
<input type="hidden" name="list" value="6" class="wpcf7-form-control wpcf7-hidden" />
<input type="hidden" name="apgroup" value="52" class="wpcf7-form-control wpcf7-hidden" />
<input type="hidden" name="origin" value="early-warning" class="wpcf7-form-control wpcf7-hidden" />
<div class="form__field">
<input type="submit" value="Send" class="wpcf7-form-control has-spinner wpcf7-submit form__submit button button--redshadow" />
</div>
<div class="wpcf7-response-output" aria-hidden="true"></div></form></div></div></div></div>
            </div>
        <div id="code_block-181-8" class="ct-code-block" ></div>	<!-- WP_FOOTER -->
<!-- wpcom_wp_footer -->
<script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script defer id='bilmur' data-provider='wordpress.com' data-service='atomic' src='https://s0.wp.com/wp-content/js/bilmur.min.js?m=202151'></script>
<!--googleoff: all--><div id="cookie-law-info-bar" data-nosnippet="true"><span><div class="cli-bar-container cli-style-v2"><div class="cli-bar-message">Questo sito, come la maggior parte dei siti web, utilizza cookie, anche di terze parti, per migliorare la tua esperienza di navigazione e raccogliere informazioni sull'utilizzo del sito stesso. Cliccando su "Accetta tutti" ti dichiari d'accordo all'utilizzo di cookie analitici (che ci aiutano a capire in che modo gli utenti usano il sito e come migliorarlo, insieme ai nostri servizi) e di tracciamento (inclusi quelli di nostri partner di fiducia) che ci aiutano a decidere quali prodotti mostrarti, a misurare il volume di visite sul nostro sito e a darti la possibilità di mettere "mi piace" e di condividere contenuti direttamente sui social media. Clicca <a id="qui" style="color: #cc071e">qui</a> per vedere a cosa hai dato il tuo consenso e trovare più informazioni sui cookie che utilizziamo.</div><div class="cli-bar-btn_container"><a href="https://yoroi.company/cookie/" id="CONSTANT_OPEN_URL" target="_blank"  class="cli-plugin-main-link"  style="display:inline-block; margin:0px 5px 0px 0px; " >Read More</a><a role='button' tabindex='0' class="medium cli-plugin-button cli-plugin-main-button cli_settings_button" style="margin:0px 5px 0px 0px;" >Gestisci Impostazioni</a><a role='button' tabindex='0' id="cookie_action_close_header_reject"  class="medium cli-plugin-button cli-plugin-main-button cookie_action_close_header_reject cli_action_button"  data-cli_action="reject">Reject All</a><a id="wt-cli-accept-all-btn" tabindex="0" role='button' data-cli_action="accept_all"  class="wt-cli-element medium cli-plugin-button wt-cli-accept-all-btn cookie_action_close_header cli_action_button" >Accetta tutti</a> </div></div> </span></div><div id="cookie-law-info-again" style="display:none;" data-nosnippet="true"><span id="cookie_hdr_showagain">Manage consent</span></div><div class="cli-modal" data-nosnippet="true" id="cliSettingsPopup" tabindex="-1" role="dialog" aria-labelledby="cliSettingsPopup" aria-hidden="true">
  <div class="cli-modal-dialog" role="document">
	<div class="cli-modal-content cli-bar-popup">
	  	<button type="button" class="cli-modal-close" id="cliModalClose">
			<svg class="" viewBox="0 0 24 24"><path d="M19 6.41l-1.41-1.41-5.59 5.59-5.59-5.59-1.41 1.41 5.59 5.59-5.59 5.59 1.41 1.41 5.59-5.59 5.59 5.59 1.41-1.41-5.59-5.59z"></path><path d="M0 0h24v24h-24z" fill="none"></path></svg>
			<span class="wt-cli-sr-only">Close</span>
	  	</button>
	  	<div class="cli-modal-body">
			<div class="cli-container-fluid cli-tab-container">
	<div class="cli-row">
		<div class="cli-col-12 cli-align-items-stretch cli-px-0">
			<div class="cli-privacy-overview">
				<h4>Privacy Overview</h4>				<div class="cli-privacy-content">
					<div class="cli-privacy-content-text">Questo sito, come la maggior parte dei siti web, utilizza cookie, anche di terze parti, per migliorare la tua esperienza di navigazione e raccogliere informazioni sull'utilizzo del sito stesso.</div>
				</div>
				<a class="cli-privacy-readmore"  aria-label="Show more" tabindex="0" role="button" data-readmore-text="Show more" data-readless-text="Show less"></a>			</div>
		</div>
		<div class="cli-col-12 cli-align-items-stretch cli-px-0 cli-tab-section-container">
												<div class="cli-tab-section">
						<div class="cli-tab-header">
							<a role="button" tabindex="0" class="cli-nav-link cli-settings-mobile" data-target="necessary" data-toggle="cli-toggle-tab">
								Necessary							</a>
							<div class="wt-cli-necessary-checkbox">
                        <input type="checkbox" class="cli-user-preference-checkbox"  id="wt-cli-checkbox-necessary" data-id="checkbox-necessary" checked="checked"  />
                        <label class="form-check-label" for="wt-cli-checkbox-necessary">Necessary</label>
                    </div>
                    <span class="cli-necessary-caption">Always Enabled</span> 						</div>
						<div class="cli-tab-content">
							<div class="cli-tab-pane cli-fade" data-id="necessary">
								<div class="wt-cli-cookie-description">
									I cookie funzionali contribuiscono al buon funzionamento del nostro sito e ti permettono di creare un account, accedere e gestire le tue prenotazioni. Questi cookie ricordano la lingua e la valuta che hai selezionato, le tue ricerche passate e altre preferenze. Si tratta di cookie tecnici che devono essere attivati per poter utilizzare il nostro sito e i nostri servizi.
<table class="cookielawinfo-row-cat-table cookielawinfo-winter"><thead><tr><th class="cookielawinfo-column-1">Cookie</th><th class="cookielawinfo-column-3">Duration</th><th class="cookielawinfo-column-4">Description</th></tr></thead><tbody><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">pll_language</td><td class="cookielawinfo-column-3">1 year</td><td class="cookielawinfo-column-4">The pll _language cookie is used by Polylang to remember the language selected by the user when returning to the website, and also to get the language information when not available in another way.</td></tr></tbody></table>								</div>
							</div>
						</div>
					</div>
																	<div class="cli-tab-section">
						<div class="cli-tab-header">
							<a role="button" tabindex="0" class="cli-nav-link cli-settings-mobile" data-target="performance" data-toggle="cli-toggle-tab">
								Performance							</a>
							<div class="cli-switch">
                        <input type="checkbox" id="wt-cli-checkbox-performance" class="cli-user-preference-checkbox"  data-id="checkbox-performance"  />
                        <label for="wt-cli-checkbox-performance" class="cli-slider" data-cli-enable="Enabled" data-cli-disable="Disabled"><span class="wt-cli-sr-only">Performance</span></label>
                    </div>						</div>
						<div class="cli-tab-content">
							<div class="cli-tab-pane cli-fade" data-id="performance">
								<div class="wt-cli-cookie-description">
									Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
								</div>
							</div>
						</div>
					</div>
																	<div class="cli-tab-section">
						<div class="cli-tab-header">
							<a role="button" tabindex="0" class="cli-nav-link cli-settings-mobile" data-target="analytics" data-toggle="cli-toggle-tab">
								Analytics							</a>
							<div class="cli-switch">
                        <input type="checkbox" id="wt-cli-checkbox-analytics" class="cli-user-preference-checkbox"  data-id="checkbox-analytics"  />
                        <label for="wt-cli-checkbox-analytics" class="cli-slider" data-cli-enable="Enabled" data-cli-disable="Disabled"><span class="wt-cli-sr-only">Analytics</span></label>
                    </div>						</div>
						<div class="cli-tab-content">
							<div class="cli-tab-pane cli-fade" data-id="analytics">
								<div class="wt-cli-cookie-description">
									I cookie analitici ci aiutano a capire in che modo i clienti come te utilizzano questo sito. In questo modo possiamo migliorare il sito, le app e le comunicazioni e assicurarci di offrire sempre contenuti interessanti e rilevanti.
<table class="cookielawinfo-row-cat-table cookielawinfo-winter"><thead><tr><th class="cookielawinfo-column-1">Cookie</th><th class="cookielawinfo-column-3">Duration</th><th class="cookielawinfo-column-4">Description</th></tr></thead><tbody><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">_ga</td><td class="cookielawinfo-column-3">2 years</td><td class="cookielawinfo-column-4">The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.</td></tr><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">_gat_gtag_UA_209986505_1</td><td class="cookielawinfo-column-3">1 minute</td><td class="cookielawinfo-column-4">Set by Google to distinguish users.</td></tr><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">_gid</td><td class="cookielawinfo-column-3">1 day</td><td class="cookielawinfo-column-4">Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.</td></tr><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">CONSENT</td><td class="cookielawinfo-column-3">2 years</td><td class="cookielawinfo-column-4">YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.</td></tr></tbody></table>								</div>
							</div>
						</div>
					</div>
																	<div class="cli-tab-section">
						<div class="cli-tab-header">
							<a role="button" tabindex="0" class="cli-nav-link cli-settings-mobile" data-target="advertisement" data-toggle="cli-toggle-tab">
								Marketing							</a>
							<div class="cli-switch">
                        <input type="checkbox" id="wt-cli-checkbox-advertisement" class="cli-user-preference-checkbox"  data-id="checkbox-advertisement"  />
                        <label for="wt-cli-checkbox-advertisement" class="cli-slider" data-cli-enable="Enabled" data-cli-disable="Disabled"><span class="wt-cli-sr-only">Marketing</span></label>
                    </div>						</div>
						<div class="cli-tab-content">
							<div class="cli-tab-pane cli-fade" data-id="advertisement">
								<div class="wt-cli-cookie-description">
									Questo sito e i nostri partner di fiducia usano cookie di terze parti per mostrare messaggi pubblicitari personalizzati su questo sito e su altri siti in base alla tua cronologia di navigazione. Questi cookie vengono usati per integrare i social media sul nostro sito, in modo che tu possa mettere "mi piace" sulle nostre pagine o sui nostri prodotti e condividerli sui social.
<table class="cookielawinfo-row-cat-table cookielawinfo-winter"><thead><tr><th class="cookielawinfo-column-1">Cookie</th><th class="cookielawinfo-column-3">Duration</th><th class="cookielawinfo-column-4">Description</th></tr></thead><tbody><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">VISITOR_INFO1_LIVE</td><td class="cookielawinfo-column-3">5 months 27 days</td><td class="cookielawinfo-column-4">A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.</td></tr><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">YSC</td><td class="cookielawinfo-column-3">session</td><td class="cookielawinfo-column-4">YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.</td></tr><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">yt-remote-connected-devices</td><td class="cookielawinfo-column-3">never</td><td class="cookielawinfo-column-4">YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.</td></tr><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">yt-remote-device-id</td><td class="cookielawinfo-column-3">never</td><td class="cookielawinfo-column-4">YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.</td></tr><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">yt.innertube::nextId</td><td class="cookielawinfo-column-3">never</td><td class="cookielawinfo-column-4">This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.</td></tr><tr class="cookielawinfo-row"><td class="cookielawinfo-column-1">yt.innertube::requests</td><td class="cookielawinfo-column-3">never</td><td class="cookielawinfo-column-4">This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.</td></tr></tbody></table>								</div>
							</div>
						</div>
					</div>
																	<div class="cli-tab-section">
						<div class="cli-tab-header">
							<a role="button" tabindex="0" class="cli-nav-link cli-settings-mobile" data-target="others" data-toggle="cli-toggle-tab">
								Others							</a>
							<div class="cli-switch">
                        <input type="checkbox" id="wt-cli-checkbox-others" class="cli-user-preference-checkbox"  data-id="checkbox-others"  />
                        <label for="wt-cli-checkbox-others" class="cli-slider" data-cli-enable="Enabled" data-cli-disable="Disabled"><span class="wt-cli-sr-only">Others</span></label>
                    </div>						</div>
						<div class="cli-tab-content">
							<div class="cli-tab-pane cli-fade" data-id="others">
								<div class="wt-cli-cookie-description">
									Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
								</div>
							</div>
						</div>
					</div>
										</div>
	</div>
</div>
	  	</div>
	  	<div class="cli-modal-footer">
			<div class="wt-cli-element cli-container-fluid cli-tab-container">
				<div class="cli-row">
					<div class="cli-col-12 cli-align-items-stretch cli-px-0">
						<div class="cli-tab-footer wt-cli-privacy-overview-actions">
						
															<a id="wt-cli-privacy-save-btn" role="button" tabindex="0" data-cli-action="accept" class="wt-cli-privacy-btn cli_setting_save_button wt-cli-privacy-accept-btn cli-btn">SAVE & ACCEPT</a>
													</div>
												<div class="wt-cli-ckyes-footer-section">
							<div class="wt-cli-ckyes-brand-logo">Powered by <a href="https://www.cookieyes.com/"><img src="https://yoroi.company/wp-content/plugins/cookie-law-info/public/images/logo-cookieyes.svg" alt="CookieYes Logo"></a></div>
						</div>
						
					</div>
				</div>
			</div>
		</div>
	</div>
  </div>
</div>
<div class="cli-modal-backdrop cli-fade cli-settings-overlay"></div>
<div class="cli-modal-backdrop cli-fade cli-popupbar-overlay"></div>
<!--googleon: all--><script type="module" src="https://yoroi.company/wp-content/assets/js/countUp.min.js"></script>
<script src="https://yoroi.company/wp-content/assets/js/counters.js" type="module"></script>
<script src="https://yoroi.company/wp-content/assets/js/parallax.min.js"></script>
<script async src="https://cdn.jsdelivr.net/npm/intersection-observer@0.7.0/intersection-observer.js"></script>
<script async src="https://cdn.jsdelivr.net/npm/vanilla-lazyload@12.4.0/dist/lazyload.min.js"></script>	
<script>	
    console.log("%c 🛡️ YOROI® 🛡️", "font-weight: bold; color: #c40030; font-size: 80px; text-align: center");
    window.lazyLoadOptions = {	
        elements_selector: '[data-lazy="true"]'
    };
</script>
<script>
window.onload = (event) => {
  document.querySelectorAll('.cli-tab-section').forEach((e) => {
    if (!e.querySelector('table.cookielawinfo-row-cat-table')) {
        e.style.display = 'none';
    }
  });
	
document.querySelector('#qui').addEventListener('click', () => {
  document.querySelector('#cookie-law-info-bar > span > div > div.cli-bar-btn_container > a.medium.cli-plugin-button.cli-plugin-main-button.cli_settings_button').click()
});

};</script><nav id="sm-menu-26" class="sm-menu sm-menu-26 sm-right sm-cover sm-effect-1 sm-navmenu-mobile-menu-eng" data-id="26"><div class="sm-main-level sm-level sm-has-wrapper-bg"  data-level="1" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner"><div class="sm-close sm-level-component sm-position-left">	<span>		<a href="#" title="Close"><i class="_mi _before genericon genericon-close-alt" aria-hidden="true"></i></a>	</span></div>	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>mobile-menu-eng</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center"><li id="menu-item-227" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-227 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/defence-center/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Defence center</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
<li id="menu-item-226" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-226 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/threat-intelligence/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat intelligence</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
<li id="menu-item-4194" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4194 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="#">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Solutions</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="2" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>Solutions</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">	<li id="menu-item-4195" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4195 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="#">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Before Attack</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="3" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>Before Attack</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">		<li id="menu-item-4210" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-4210 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/category/technologies/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Technologies</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="4" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>Technologies</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">			<li id="menu-item-4219" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-4219 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/threat-intelligence/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat intelligence</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4216" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4216 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/dns-defence/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">DNS Defence</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4218" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4218 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/kanwa/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Kanwa</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4217" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4217 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/genku/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Genku</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4215" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4215 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/digital-surveillance/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Digital Surveillance</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
		<li id="menu-item-4209" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-4209 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/category/services/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Services</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="4" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>Services</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">			<li id="menu-item-4222" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4222 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/security-compliance/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Infrastructure &#038; Systems compliance</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4225" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4225 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/scam-protection/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Scam Protection</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4224" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4224 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/scada-security/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">SCADA Security</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4221" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4221 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/early-warning/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Early Warning</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4230" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4230 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/wi-fi-infrastructure-assessment/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Wi-Fi Infrastructure Assessment</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4229" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4229 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/vulnerability-assessment/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Vulnerability Assessment</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4220" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4220 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/targeted-attack-simulation/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Adversarial Simulation</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4228" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4228 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/cert-computer-emergency-response-team/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat Hunting</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4227" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4227 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/siem-management/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">SIEM management</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4226" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4226 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/security-infrastructure-assessment-sia/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Security Infrastructure Assessment (SIA)</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4223" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4223 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/penetration-testing/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Penetration Testing</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
	<li id="menu-item-4196" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4196 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="#">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">During Attack</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="3" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>During Attack</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">		<li id="menu-item-4212" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-4212 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/category/technologies/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Technologies</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="4" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>Technologies</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">			<li id="menu-item-4234" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-4234 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/threat-intelligence/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat intelligence</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4232" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4232 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/kanwa/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Kanwa</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4233" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4233 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/yomi/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Yomi</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4231" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4231 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/email-protection/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Email Protection</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
		<li id="menu-item-4211" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-4211 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/category/services/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Services</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="4" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>Services</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">			<li id="menu-item-4235" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4235 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/irt/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">IRT (Incident Response Team)</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4237" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-4237 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/category/threat/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Managed Advanced Threat Protection</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4236" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4236 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/kickback-attack/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">KickBack Attack</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
	<li id="menu-item-4197" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4197 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="#">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">After Attack</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="3" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>After Attack</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">		<li id="menu-item-4214" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-4214 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/category/technologies/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Technologies</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="4" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>Technologies</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">			<li id="menu-item-4238" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-4238 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/threat-intelligence/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat intelligence</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4239" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4239 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/kanwa/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Kanwa</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
		<li id="menu-item-4213" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-4213 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/category/services/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Services</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="4" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>Services</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">			<li id="menu-item-4241" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4241 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/wi-fi-infrastructure-assessment/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Wi-Fi Infrastructure Assessment</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
			<li id="menu-item-4240" class="menu-item menu-item-type-post_type menu-item-object-service menu-item-4240 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/service/cert-computer-emergency-response-team/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Threat Hunting</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
<li id="menu-item-5333" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-5333 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="#">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Blogs</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a><div class="sm-level sm-has-wrapper-bg"  data-level="2" data-overlay-type="color" data-overlay-color="" data-wrapper-filter="sm-filter-brightness" data-content-filter="sm-filter-brightness" data-width="280px" data-scroll-to-current="">	<div class="sm-level-inner">	<div class="sm-level-body">	<div class="sm-level-align"><div class="sm-header sm-level-component"></div><div class="sm-title sm-level-component sm-title-hidden sm-fullwidth">	<span class="sm-title-wrap"> <span>Blogs</span>	</span></div><ul class="sm-nav-list sm-nav-align-center sm-col-align-center">	<li id="menu-item-5334" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-5334 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/blog/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Yoroi Blog</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
	<li id="menu-item-5335" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-5335 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://marcoramilli.com/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Marco Ramilli Blog</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
</ul><span class="sm-back sm-level-component sm-back-bottom">	<a href="#" title="Back"><span>Back</span>	</a></span></div></div></div></div></li>
<li id="menu-item-4198" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-4198 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/downloads/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Downloads</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
<li id="menu-item-228" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-228 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/about-us/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">About us</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
<li id="menu-item-225" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-225 sm-fullwidth sm-hover-normal sm-col-1-1"><a href="https://yoroi.company/contacts/">
			<span class="sm-title-wrap">
				
				<span class="sm-title-inner-wrap">
					
					<span class="">Contacts</span>
					<i class="sm-arrow _after _mi  fa fa-angle-right" aria-hidden="true"></i>
				</span>
				
			</span>
			</a></li>
</ul></div></div><div class="sm-footer sm-level-component"><div class="sm-footer-text">&copy; 2020 credits: <strong>SimpleNetworks</strong></div></div></div></div></nav>
		<script type="text/javascript">
			jQuery(document).ready(function() {
				jQuery('body').on('click', '.oxy-menu-toggle', function() {
					jQuery(this).parent('.oxy-nav-menu').toggleClass('oxy-nav-menu-open');
					jQuery('body').toggleClass('oxy-nav-menu-prevent-overflow');
					jQuery('html').toggleClass('oxy-nav-menu-prevent-overflow');
				});
				var selector = '.oxy-nav-menu-open .menu-item a[href*="#"]';
				jQuery('body').on('click', selector, function(){
					jQuery('.oxy-nav-menu-open').removeClass('oxy-nav-menu-open');
					jQuery('body').removeClass('oxy-nav-menu-prevent-overflow');
					jQuery('html').removeClass('oxy-nav-menu-prevent-overflow');
					jQuery(this).click();
				});
			});
		</script>

	
		<svg style="position: absolute; width: 0; height: 0; overflow: hidden;" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
		   <defs>
		      <symbol id="oxy-social-icons-icon-linkedin" viewBox="0 0 32 32">
		         <title>linkedin</title>
		         <path d="M12 12h5.535v2.837h0.079c0.77-1.381 2.655-2.837 5.464-2.837 5.842 0 6.922 3.637 6.922 8.367v9.633h-5.769v-8.54c0-2.037-0.042-4.657-3.001-4.657-3.005 0-3.463 2.218-3.463 4.509v8.688h-5.767v-18z"></path>
		         <path d="M2 12h6v18h-6v-18z"></path>
		         <path d="M8 7c0 1.657-1.343 3-3 3s-3-1.343-3-3c0-1.657 1.343-3 3-3s3 1.343 3 3z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-facebook" viewBox="0 0 32 32">
		         <title>facebook</title>
		         <path d="M19 6h5v-6h-5c-3.86 0-7 3.14-7 7v3h-4v6h4v16h6v-16h5l1-6h-6v-3c0-0.542 0.458-1 1-1z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-pinterest" viewBox="0 0 32 32">
		         <title>pinterest</title>
		         <path d="M16 2.138c-7.656 0-13.863 6.206-13.863 13.863 0 5.875 3.656 10.887 8.813 12.906-0.119-1.094-0.231-2.781 0.050-3.975 0.25-1.081 1.625-6.887 1.625-6.887s-0.412-0.831-0.412-2.056c0-1.925 1.119-3.369 2.506-3.369 1.181 0 1.756 0.887 1.756 1.95 0 1.188-0.756 2.969-1.15 4.613-0.331 1.381 0.688 2.506 2.050 2.506 2.462 0 4.356-2.6 4.356-6.35 0-3.319-2.387-5.638-5.787-5.638-3.944 0-6.256 2.956-6.256 6.019 0 1.194 0.456 2.469 1.031 3.163 0.113 0.137 0.131 0.256 0.094 0.4-0.106 0.438-0.338 1.381-0.387 1.575-0.063 0.256-0.2 0.306-0.463 0.188-1.731-0.806-2.813-3.337-2.813-5.369 0-4.375 3.175-8.387 9.156-8.387 4.806 0 8.544 3.425 8.544 8.006 0 4.775-3.012 8.625-7.194 8.625-1.406 0-2.725-0.731-3.175-1.594 0 0-0.694 2.644-0.863 3.294-0.313 1.206-1.156 2.712-1.725 3.631 1.3 0.4 2.675 0.619 4.106 0.619 7.656 0 13.863-6.206 13.863-13.863 0-7.662-6.206-13.869-13.863-13.869z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-youtube" viewBox="0 0 32 32">
		         <title>youtube</title>
		         <path d="M31.681 9.6c0 0-0.313-2.206-1.275-3.175-1.219-1.275-2.581-1.281-3.206-1.356-4.475-0.325-11.194-0.325-11.194-0.325h-0.012c0 0-6.719 0-11.194 0.325-0.625 0.075-1.987 0.081-3.206 1.356-0.963 0.969-1.269 3.175-1.269 3.175s-0.319 2.588-0.319 5.181v2.425c0 2.587 0.319 5.181 0.319 5.181s0.313 2.206 1.269 3.175c1.219 1.275 2.819 1.231 3.531 1.369 2.563 0.244 10.881 0.319 10.881 0.319s6.725-0.012 11.2-0.331c0.625-0.075 1.988-0.081 3.206-1.356 0.962-0.969 1.275-3.175 1.275-3.175s0.319-2.587 0.319-5.181v-2.425c-0.006-2.588-0.325-5.181-0.325-5.181zM12.694 20.15v-8.994l8.644 4.513-8.644 4.481z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-rss" viewBox="0 0 32 32">
		         <title>rss</title>
		         <path d="M4.259 23.467c-2.35 0-4.259 1.917-4.259 4.252 0 2.349 1.909 4.244 4.259 4.244 2.358 0 4.265-1.895 4.265-4.244-0-2.336-1.907-4.252-4.265-4.252zM0.005 10.873v6.133c3.993 0 7.749 1.562 10.577 4.391 2.825 2.822 4.384 6.595 4.384 10.603h6.16c-0-11.651-9.478-21.127-21.121-21.127zM0.012 0v6.136c14.243 0 25.836 11.604 25.836 25.864h6.152c0-17.64-14.352-32-31.988-32z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-twitter" viewBox="0 0 32 32">
		         <title>twitter</title>
		         <path d="M32 7.075c-1.175 0.525-2.444 0.875-3.769 1.031 1.356-0.813 2.394-2.1 2.887-3.631-1.269 0.75-2.675 1.3-4.169 1.594-1.2-1.275-2.906-2.069-4.794-2.069-3.625 0-6.563 2.938-6.563 6.563 0 0.512 0.056 1.012 0.169 1.494-5.456-0.275-10.294-2.888-13.531-6.862-0.563 0.969-0.887 2.1-0.887 3.3 0 2.275 1.156 4.287 2.919 5.463-1.075-0.031-2.087-0.331-2.975-0.819 0 0.025 0 0.056 0 0.081 0 3.181 2.263 5.838 5.269 6.437-0.55 0.15-1.131 0.231-1.731 0.231-0.425 0-0.831-0.044-1.237-0.119 0.838 2.606 3.263 4.506 6.131 4.563-2.25 1.762-5.075 2.813-8.156 2.813-0.531 0-1.050-0.031-1.569-0.094 2.913 1.869 6.362 2.95 10.069 2.95 12.075 0 18.681-10.006 18.681-18.681 0-0.287-0.006-0.569-0.019-0.85 1.281-0.919 2.394-2.075 3.275-3.394z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-instagram" viewBox="0 0 32 32">
		         <title>instagram</title>
		         <path d="M16 2.881c4.275 0 4.781 0.019 6.462 0.094 1.563 0.069 2.406 0.331 2.969 0.55 0.744 0.288 1.281 0.638 1.837 1.194 0.563 0.563 0.906 1.094 1.2 1.838 0.219 0.563 0.481 1.412 0.55 2.969 0.075 1.688 0.094 2.194 0.094 6.463s-0.019 4.781-0.094 6.463c-0.069 1.563-0.331 2.406-0.55 2.969-0.288 0.744-0.637 1.281-1.194 1.837-0.563 0.563-1.094 0.906-1.837 1.2-0.563 0.219-1.413 0.481-2.969 0.55-1.688 0.075-2.194 0.094-6.463 0.094s-4.781-0.019-6.463-0.094c-1.563-0.069-2.406-0.331-2.969-0.55-0.744-0.288-1.281-0.637-1.838-1.194-0.563-0.563-0.906-1.094-1.2-1.837-0.219-0.563-0.481-1.413-0.55-2.969-0.075-1.688-0.094-2.194-0.094-6.463s0.019-4.781 0.094-6.463c0.069-1.563 0.331-2.406 0.55-2.969 0.288-0.744 0.638-1.281 1.194-1.838 0.563-0.563 1.094-0.906 1.838-1.2 0.563-0.219 1.412-0.481 2.969-0.55 1.681-0.075 2.188-0.094 6.463-0.094zM16 0c-4.344 0-4.887 0.019-6.594 0.094-1.7 0.075-2.869 0.35-3.881 0.744-1.056 0.412-1.95 0.956-2.837 1.85-0.894 0.888-1.438 1.781-1.85 2.831-0.394 1.019-0.669 2.181-0.744 3.881-0.075 1.713-0.094 2.256-0.094 6.6s0.019 4.887 0.094 6.594c0.075 1.7 0.35 2.869 0.744 3.881 0.413 1.056 0.956 1.95 1.85 2.837 0.887 0.887 1.781 1.438 2.831 1.844 1.019 0.394 2.181 0.669 3.881 0.744 1.706 0.075 2.25 0.094 6.594 0.094s4.888-0.019 6.594-0.094c1.7-0.075 2.869-0.35 3.881-0.744 1.050-0.406 1.944-0.956 2.831-1.844s1.438-1.781 1.844-2.831c0.394-1.019 0.669-2.181 0.744-3.881 0.075-1.706 0.094-2.25 0.094-6.594s-0.019-4.887-0.094-6.594c-0.075-1.7-0.35-2.869-0.744-3.881-0.394-1.063-0.938-1.956-1.831-2.844-0.887-0.887-1.781-1.438-2.831-1.844-1.019-0.394-2.181-0.669-3.881-0.744-1.712-0.081-2.256-0.1-6.6-0.1v0z"></path>
		         <path d="M16 7.781c-4.537 0-8.219 3.681-8.219 8.219s3.681 8.219 8.219 8.219 8.219-3.681 8.219-8.219c0-4.537-3.681-8.219-8.219-8.219zM16 21.331c-2.944 0-5.331-2.387-5.331-5.331s2.387-5.331 5.331-5.331c2.944 0 5.331 2.387 5.331 5.331s-2.387 5.331-5.331 5.331z"></path>
		         <path d="M26.462 7.456c0 1.060-0.859 1.919-1.919 1.919s-1.919-0.859-1.919-1.919c0-1.060 0.859-1.919 1.919-1.919s1.919 0.859 1.919 1.919z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-facebook-blank" viewBox="0 0 32 32">
		         <title>facebook-blank</title>
		         <path d="M29 0h-26c-1.65 0-3 1.35-3 3v26c0 1.65 1.35 3 3 3h13v-14h-4v-4h4v-2c0-3.306 2.694-6 6-6h4v4h-4c-1.1 0-2 0.9-2 2v2h6l-1 4h-5v14h9c1.65 0 3-1.35 3-3v-26c0-1.65-1.35-3-3-3z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-rss-blank" viewBox="0 0 32 32">
		         <title>rss-blank</title>
		         <path d="M29 0h-26c-1.65 0-3 1.35-3 3v26c0 1.65 1.35 3 3 3h26c1.65 0 3-1.35 3-3v-26c0-1.65-1.35-3-3-3zM8.719 25.975c-1.5 0-2.719-1.206-2.719-2.706 0-1.488 1.219-2.712 2.719-2.712 1.506 0 2.719 1.225 2.719 2.712 0 1.5-1.219 2.706-2.719 2.706zM15.544 26c0-2.556-0.994-4.962-2.794-6.762-1.806-1.806-4.2-2.8-6.75-2.8v-3.912c7.425 0 13.475 6.044 13.475 13.475h-3.931zM22.488 26c0-9.094-7.394-16.5-16.481-16.5v-3.912c11.25 0 20.406 9.162 20.406 20.413h-3.925z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-linkedin-blank" viewBox="0 0 32 32">
		         <title>linkedin-blank</title>
		         <path d="M29 0h-26c-1.65 0-3 1.35-3 3v26c0 1.65 1.35 3 3 3h26c1.65 0 3-1.35 3-3v-26c0-1.65-1.35-3-3-3zM12 26h-4v-14h4v14zM10 10c-1.106 0-2-0.894-2-2s0.894-2 2-2c1.106 0 2 0.894 2 2s-0.894 2-2 2zM26 26h-4v-8c0-1.106-0.894-2-2-2s-2 0.894-2 2v8h-4v-14h4v2.481c0.825-1.131 2.087-2.481 3.5-2.481 2.488 0 4.5 2.238 4.5 5v9z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-pinterest-blank" viewBox="0 0 32 32">
		         <title>pinterest</title>
		         <path d="M16 2.138c-7.656 0-13.863 6.206-13.863 13.863 0 5.875 3.656 10.887 8.813 12.906-0.119-1.094-0.231-2.781 0.050-3.975 0.25-1.081 1.625-6.887 1.625-6.887s-0.412-0.831-0.412-2.056c0-1.925 1.119-3.369 2.506-3.369 1.181 0 1.756 0.887 1.756 1.95 0 1.188-0.756 2.969-1.15 4.613-0.331 1.381 0.688 2.506 2.050 2.506 2.462 0 4.356-2.6 4.356-6.35 0-3.319-2.387-5.638-5.787-5.638-3.944 0-6.256 2.956-6.256 6.019 0 1.194 0.456 2.469 1.031 3.163 0.113 0.137 0.131 0.256 0.094 0.4-0.106 0.438-0.338 1.381-0.387 1.575-0.063 0.256-0.2 0.306-0.463 0.188-1.731-0.806-2.813-3.337-2.813-5.369 0-4.375 3.175-8.387 9.156-8.387 4.806 0 8.544 3.425 8.544 8.006 0 4.775-3.012 8.625-7.194 8.625-1.406 0-2.725-0.731-3.175-1.594 0 0-0.694 2.644-0.863 3.294-0.313 1.206-1.156 2.712-1.725 3.631 1.3 0.4 2.675 0.619 4.106 0.619 7.656 0 13.863-6.206 13.863-13.863 0-7.662-6.206-13.869-13.863-13.869z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-youtube-blank" viewBox="0 0 32 32">
		         <title>youtube</title>
		         <path d="M31.681 9.6c0 0-0.313-2.206-1.275-3.175-1.219-1.275-2.581-1.281-3.206-1.356-4.475-0.325-11.194-0.325-11.194-0.325h-0.012c0 0-6.719 0-11.194 0.325-0.625 0.075-1.987 0.081-3.206 1.356-0.963 0.969-1.269 3.175-1.269 3.175s-0.319 2.588-0.319 5.181v2.425c0 2.587 0.319 5.181 0.319 5.181s0.313 2.206 1.269 3.175c1.219 1.275 2.819 1.231 3.531 1.369 2.563 0.244 10.881 0.319 10.881 0.319s6.725-0.012 11.2-0.331c0.625-0.075 1.988-0.081 3.206-1.356 0.962-0.969 1.275-3.175 1.275-3.175s0.319-2.587 0.319-5.181v-2.425c-0.006-2.588-0.325-5.181-0.325-5.181zM12.694 20.15v-8.994l8.644 4.513-8.644 4.481z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-twitter-blank" viewBox="0 0 32 32">
		         <title>twitter</title>
		         <path d="M32 7.075c-1.175 0.525-2.444 0.875-3.769 1.031 1.356-0.813 2.394-2.1 2.887-3.631-1.269 0.75-2.675 1.3-4.169 1.594-1.2-1.275-2.906-2.069-4.794-2.069-3.625 0-6.563 2.938-6.563 6.563 0 0.512 0.056 1.012 0.169 1.494-5.456-0.275-10.294-2.888-13.531-6.862-0.563 0.969-0.887 2.1-0.887 3.3 0 2.275 1.156 4.287 2.919 5.463-1.075-0.031-2.087-0.331-2.975-0.819 0 0.025 0 0.056 0 0.081 0 3.181 2.263 5.838 5.269 6.437-0.55 0.15-1.131 0.231-1.731 0.231-0.425 0-0.831-0.044-1.237-0.119 0.838 2.606 3.263 4.506 6.131 4.563-2.25 1.762-5.075 2.813-8.156 2.813-0.531 0-1.050-0.031-1.569-0.094 2.913 1.869 6.362 2.95 10.069 2.95 12.075 0 18.681-10.006 18.681-18.681 0-0.287-0.006-0.569-0.019-0.85 1.281-0.919 2.394-2.075 3.275-3.394z"></path>
		      </symbol>
		      <symbol id="oxy-social-icons-icon-instagram-blank" viewBox="0 0 32 32">
		         <title>instagram</title>
		         <path d="M16 2.881c4.275 0 4.781 0.019 6.462 0.094 1.563 0.069 2.406 0.331 2.969 0.55 0.744 0.288 1.281 0.638 1.837 1.194 0.563 0.563 0.906 1.094 1.2 1.838 0.219 0.563 0.481 1.412 0.55 2.969 0.075 1.688 0.094 2.194 0.094 6.463s-0.019 4.781-0.094 6.463c-0.069 1.563-0.331 2.406-0.55 2.969-0.288 0.744-0.637 1.281-1.194 1.837-0.563 0.563-1.094 0.906-1.837 1.2-0.563 0.219-1.413 0.481-2.969 0.55-1.688 0.075-2.194 0.094-6.463 0.094s-4.781-0.019-6.463-0.094c-1.563-0.069-2.406-0.331-2.969-0.55-0.744-0.288-1.281-0.637-1.838-1.194-0.563-0.563-0.906-1.094-1.2-1.837-0.219-0.563-0.481-1.413-0.55-2.969-0.075-1.688-0.094-2.194-0.094-6.463s0.019-4.781 0.094-6.463c0.069-1.563 0.331-2.406 0.55-2.969 0.288-0.744 0.638-1.281 1.194-1.838 0.563-0.563 1.094-0.906 1.838-1.2 0.563-0.219 1.412-0.481 2.969-0.55 1.681-0.075 2.188-0.094 6.463-0.094zM16 0c-4.344 0-4.887 0.019-6.594 0.094-1.7 0.075-2.869 0.35-3.881 0.744-1.056 0.412-1.95 0.956-2.837 1.85-0.894 0.888-1.438 1.781-1.85 2.831-0.394 1.019-0.669 2.181-0.744 3.881-0.075 1.713-0.094 2.256-0.094 6.6s0.019 4.887 0.094 6.594c0.075 1.7 0.35 2.869 0.744 3.881 0.413 1.056 0.956 1.95 1.85 2.837 0.887 0.887 1.781 1.438 2.831 1.844 1.019 0.394 2.181 0.669 3.881 0.744 1.706 0.075 2.25 0.094 6.594 0.094s4.888-0.019 6.594-0.094c1.7-0.075 2.869-0.35 3.881-0.744 1.050-0.406 1.944-0.956 2.831-1.844s1.438-1.781 1.844-2.831c0.394-1.019 0.669-2.181 0.744-3.881 0.075-1.706 0.094-2.25 0.094-6.594s-0.019-4.887-0.094-6.594c-0.075-1.7-0.35-2.869-0.744-3.881-0.394-1.063-0.938-1.956-1.831-2.844-0.887-0.887-1.781-1.438-2.831-1.844-1.019-0.394-2.181-0.669-3.881-0.744-1.712-0.081-2.256-0.1-6.6-0.1v0z"></path>
		         <path d="M16 7.781c-4.537 0-8.219 3.681-8.219 8.219s3.681 8.219 8.219 8.219 8.219-3.681 8.219-8.219c0-4.537-3.681-8.219-8.219-8.219zM16 21.331c-2.944 0-5.331-2.387-5.331-5.331s2.387-5.331 5.331-5.331c2.944 0 5.331 2.387 5.331 5.331s-2.387 5.331-5.331 5.331z"></path>
		         <path d="M26.462 7.456c0 1.060-0.859 1.919-1.919 1.919s-1.919-0.859-1.919-1.919c0-1.060 0.859-1.919 1.919-1.919s1.919 0.859 1.919 1.919z"></path>
		      </symbol>
		   </defs>
		</svg>
	
	
		<script type="text/javascript">

            // Initialize Oxygen Modals
            jQuery(document).ready(function() {

                function showModal( modal ) {
                    var $modal = jQuery( modal );
                    $modal.addClass("live");
                    var modalId = $modal[0].querySelector('.ct-modal').id;

                    // Check if this modal can be shown according to settings and last shown time
                    // Current and last time in milliseconds
                    var currentTime = new Date().getTime();
                    var lastShownTime = localStorage && localStorage['oxy-' + modalId + '-last-shown-time'] ? JSON.parse( localStorage['oxy-' + modalId + '-last-shown-time'] ) : false;
                    // manual triggers aren't affected by last shown time
                    if( $modal.data( 'trigger' ) != 'user_clicks_element' ) {
                        switch( $modal.data( 'open-again' ) ) {
                            case 'never_show_again':
                                // if it was shown at least once, don't show it again
                                if( lastShownTime !== false ) return;
                                break;
                            case 'show_again_after':
                                var settingDays = parseInt( $modal.data( 'open-again-after-days' ) );
                                var actualDays = ( currentTime - lastShownTime ) / ( 60*60*24*1000 );
                                if( actualDays < settingDays ) return;
                                break;
                            default:
                                //always show
                                break;
                        }
                    }
                    // save current time as last shown time
                    if( localStorage ) localStorage['oxy-' + modalId + '-last-shown-time'] = JSON.stringify( currentTime );

                    // trick to make jQuery fadeIn with flex
                    $modal.css("display", "flex");
                    $modal.hide();
                    // trick to force AOS trigger on elements inside the modal
                    $modal.find(".aos-animate").removeClass("aos-animate").addClass("aos-animate-disabled");

                    // show the modal
                    $modal.fadeIn(250, function(){
                        // trick to force AOS trigger on elements inside the modal
                        $modal.find(".aos-animate-disabled").removeClass("aos-animate-disabled").addClass("aos-animate");
                    });


                    if( $modal.data( 'close-automatically' ) == 'yes' ) {
                        var time = parseInt( $modal.data( 'close-after-time' ) );
                        if( $modal.data( 'close-after-time-unit' ) == 'seconds' ) {
                            time = parseInt( parseFloat( $modal.data( 'close-after-time' ) ) * 1000 );
                        }
                        setTimeout( function(){
                            hideModal(modal);
                        }, time );
                    }

                    // close modal automatically after form submit (Non-AJAX)
                    if( $modal.data( 'close-after-form-submit' ) == 'yes' && $modal.data("trigger") == "after_specified_time" ) {

                        // WPForms
                        // WPForms replaces the form with a confirmation message on page refresh
                        if( $modal.find(".wpforms-confirmation-container-full").length > 0 ) {
                            setTimeout(function () {
                                hideModal(modal);
                            }, 3000);
                        }

                        // Formidable Forms
                        // Formidable Forms replaces the form with a confirmation message on page refresh
                        if( $modal.find(".frm_message").length > 0 ) {
                            setTimeout(function () {
                                hideModal(modal);
                            }, 3000);
                        }

                        // Caldera Forms
                        // Caldera Forms replaces the form with a confirmation message on page refresh
                        if( $modal.find(".caldera-grid .alert-success").length > 0 ) {
                            setTimeout(function () {
                                hideModal(modal);
                            }, 3000);
                        }

                    }
                }

                var hideModal = function ( modal ) {

                    // The function may be called by third party code, without argument, so we must close the first visible modal
                    if( typeof modal === 'undefined' ) {
                        var openModals = jQuery(".oxy-modal-backdrop.live");
                        if( openModals.length == 0 ) return;
                        modal = openModals[0];
                    }

                    var $modal = jQuery( modal );
                    // refresh any iframe so media embedded this way is stopped
                    $modal.find( 'iframe').each(function(index){
                        this.src = this.src;
                    });
                    // HTML5 videos can be stopped easily
                    $modal.find( 'video' ).each(function(index){
                        this.pause();
                    });
                    // If there are any forms in the modal, reset them
                    $modal.find("form").each(function(index){
                        this.reset();
                    });

                    $modal.fadeOut(400, function(){
                        $modal.removeClass("live");
                    });
                };

                window.oxyCloseModal = hideModal;

                jQuery( ".oxy-modal-backdrop" ).each(function( index ) {

                    var modal = this;

                    (function( modal ){
                        var $modal = jQuery( modal );
						
						var exitIntentFunction = function( e ){
							if( e.clientY <= 0 ) {
								showModal( modal );
								document.removeEventListener( "mouseleave", exitIntentFunction );
								document.removeEventListener( "mouseout", exitIntentFunction );
							}
						}

                        switch ( jQuery( modal ).data("trigger") ) {

                            case "on_exit_intent":
                                document.addEventListener( "mouseleave", exitIntentFunction, false);
								document.addEventListener( "mouseout", exitIntentFunction, false);
                                break;

                            case "user_clicks_element":
                                jQuery( jQuery( modal ).data( 'trigger-selector' ) ).click( function( event ) {
                                    showModal( modal );
                                    event.preventDefault();
                                } );
                                break;

                            case "after_specified_time":
                                var time = parseInt( jQuery( modal ).data( 'trigger-time' ) );
                                if( jQuery( modal ).data( 'trigger-time-unit' ) == 'seconds' ) {
                                    time = parseInt( parseFloat( jQuery( modal ).data( 'trigger-time' ) ) * 1000 );
                                }
                                setTimeout( function(){
                                    showModal( modal );
                                }, time );
                                break;

                            case "after_scrolled_amount":
                                window.addEventListener("scroll", function scrollDetection(){
                                    var winheight= window.innerHeight || (document.documentElement || document.body).clientHeight;
                                    var docheight = jQuery(document).height();
                                    var scrollTop = window.pageYOffset || (document.documentElement || document.body.parentNode || document.body).scrollTop;
                                    var isScrollUp = false;
                                    var oxyPreviousScrollTop = parseInt( jQuery( modal ).data( 'previous_scroll_top' ) );
                                    if( !isNaN( oxyPreviousScrollTop ) ) {
                                        if( oxyPreviousScrollTop > scrollTop) isScrollUp = true;
                                    }
                                    jQuery( modal ).data( 'previous_scroll_top', scrollTop );
                                    var trackLength = docheight - winheight;
                                    var pctScrolled = Math.floor(scrollTop/trackLength * 100);
                                    if( isNaN( pctScrolled ) ) pctScrolled = 0;

                                    if(
                                        ( isScrollUp && jQuery( modal ).data( 'trigger_scroll_direction' ) == 'up' ) ||
                                        ( !isScrollUp && jQuery( modal ).data( 'trigger_scroll_direction' ) == 'down' && pctScrolled >= parseInt( jQuery( modal ).data( 'trigger_scroll_amount' ) ) )
                                    ) {
                                        showModal( modal );
                                        window.removeEventListener( "scroll", scrollDetection );
                                    }
                                }, false);
                                break;
                            case "on_scroll_to_element":
                                window.addEventListener("scroll", function scrollDetection(){
                                    var $element = jQuery( jQuery( modal ).data( 'scroll_to_selector' ) );
                                    if( $element.length == 0 ) {
                                        window.removeEventListener( "scroll", scrollDetection );
                                        return;
                                    }

                                    var top_of_element = $element.offset().top;
                                    var bottom_of_element = $element.offset().top + $element.outerHeight();
                                    var bottom_of_screen = jQuery(window).scrollTop() + jQuery(window).innerHeight();
                                    var top_of_screen = jQuery(window).scrollTop();

                                    if ((bottom_of_screen > bottom_of_element - $element.outerHeight() /2 ) && (top_of_screen < top_of_element + $element.outerHeight() /2 )){
                                        showModal( modal );
                                        window.removeEventListener( "scroll", scrollDetection );
                                    }
                                }, false);
                                break;
                            case "after_number_of_clicks":
                                document.addEventListener("click", function clickDetection(){
                                    var number_of_clicks = parseInt( jQuery( modal ).data( 'number_of_clicks' ) );

                                    var clicks_performed = isNaN( parseInt( jQuery( modal ).data( 'clicks_performed' ) ) ) ? 1 :  parseInt( jQuery( modal ).data( 'clicks_performed' ) ) + 1;

                                    jQuery( modal ).data( 'clicks_performed', clicks_performed );

                                    if ( clicks_performed == number_of_clicks ){
                                        showModal( modal );
                                        document.removeEventListener( "click", clickDetection );
                                    }
                                }, false);
                                break;
                            case "after_time_inactive":
                                var time = parseInt( jQuery( modal ).data( 'time_inactive' ) );
                                if( jQuery( modal ).data( 'time-inactive-unit' ) == 'seconds' ) {
                                    time = parseInt( parseFloat( jQuery( modal ).data( 'time_inactive' ) ) * 1000 );
                                }
                                var activityDetected = function(){
                                    jQuery( modal ).data( 'millis_idle', 0 );
                                };
                                document.addEventListener( "click", activityDetected);
                                document.addEventListener( "mousemove", activityDetected);
                                document.addEventListener( "keypress", activityDetected);
                                document.addEventListener( "scroll", activityDetected);

                                var idleInterval = setInterval(function(){
                                    var millis_idle = isNaN( parseInt( jQuery( modal ).data( 'millis_idle' ) ) ) ? 100 :  parseInt( jQuery( modal ).data( 'millis_idle' ) ) + 100;
                                    jQuery( modal ).data( 'millis_idle', millis_idle );
                                    if( millis_idle > time ){
                                        clearInterval( idleInterval );
                                        document.removeEventListener( "click", activityDetected );
                                        document.removeEventListener( "mousemove", activityDetected );
                                        document.removeEventListener( "keypress", activityDetected );
                                        document.removeEventListener( "scroll", activityDetected );
                                        showModal( modal );
                                    }
                                }, 100);
                                break;

                            case "after_number_of_page_views":
                                var modalId = modal.querySelector('.ct-modal').id;
                                var pageViews = localStorage && localStorage['oxy-' + modalId + '-page-views'] ? parseInt( localStorage['oxy-' + modalId + '-page-views'] ) : 0;
                                pageViews++;
                                if( localStorage ) localStorage['oxy-' + modalId + '-page-views'] = pageViews;
                                if( parseInt( jQuery( modal ).data( 'number_of_page_views' ) ) == pageViews ) {
                                    if( localStorage ) localStorage['oxy-' + modalId + '-page-views'] = 0;
                                    showModal( modal );
                                }
                                break;

                        }

                        // add event handler to close modal automatically after AJAX form submit
                        if( $modal.data( 'close-after-form-submit' ) == 'yes' ) {

                            // Contact Form 7
                            if (typeof wpcf7 !== 'undefined') {
                                $modal.find('div.wpcf7').each(function () {
                                    var $form = jQuery(this).find('form');
                                    this.addEventListener('wpcf7submit', function (event) {
                                        if (event.detail.contactFormId == $form.attr("id")) {
                                            setTimeout(function () {
                                                hideModal(modal);
                                            }, 3000);
                                        }
                                    }, false);
                                });
                            }

                            // Caldera Forms
                            document.addEventListener( "cf.submission", function(event){
                                // Pending, Caldera AJAX form submissions aren't working since Oxygen 2.2, see: https://github.com/soflyy/oxygen/issues/1638
                                console.log( event );
                            });

                            // Ninja Forms
                            jQuery(document).on("nfFormSubmitResponse", function(event, response){
                                // Only close the modal if the event was triggered from a Ninja Form inside the modal
                                if( $modal.find("#nf-form-" + response.id + "-cont").length > 0 ) {
                                    setTimeout(function () {
                                        hideModal(modal);
                                    }, 3000);
                                }
                            });

                        }

                    })( modal );

                });

                // handle clicks on modal backdrop and on .oxy-close-modal
                jQuery("body").on('click touchend', '.oxy-modal-backdrop, .oxy-close-modal', function( event ) {

                    var $this = jQuery( this );
                    var $target = jQuery( event.target );

                    // Click event in the modal div and it's children is propagated to the backdrop
                    if( !$target.hasClass( 'oxy-modal-backdrop' ) && !$this.hasClass( 'oxy-close-modal' ) ) {
                        event.stopPropagation();
                        return;
                    }

                    if( $target.hasClass( 'oxy-modal-backdrop' ) && $this.hasClass( 'oxy-not-closable' ) ) {
                        return;
                    }

                    if( $this.hasClass( 'oxy-close-modal' ) ) event.preventDefault();

                    var $modal = $this.hasClass( 'oxy-close-modal' ) ? $this.closest('.oxy-modal-backdrop') : $this;
                    hideModal( $modal[0] );
                });

                jQuery(document).keyup( function(e){
                    if( e.key == 'Escape' ){
                        jQuery(".oxy-modal-backdrop:visible").each(function(index){
                            if( jQuery(this).data("close_on_esc") == 'on' ) hideModal(this);
                        });
                    }
                } );

            });

		</script>

	<link rel='stylesheet' id='cookie-law-info-table-css'  href='https://yoroi.company/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-table.css?ver=2.0.6' type='text/css' media='all' />
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/jetpack/_inc/build/photon/photon.min.js?ver=20191001' id='jetpack-photon-js'></script>
<script type='text/javascript' src='https://c0.wp.com/c/5.8.2/wp-includes/js/dist/vendor/regenerator-runtime.min.js' id='regenerator-runtime-js'></script>
<script type='text/javascript' src='https://c0.wp.com/c/5.8.2/wp-includes/js/dist/vendor/wp-polyfill.min.js' id='wp-polyfill-js'></script>
<script type='text/javascript' id='contact-form-7-js-extra'>
/* <![CDATA[ */
var wpcf7 = {"api":{"root":"https:\/\/yoroi.company\/wp-json\/","namespace":"contact-form-7\/v1"},"cached":"1"};
/* ]]> */
</script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.2' id='contact-form-7-js'></script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/intersection-observer.js?minify=false&#038;ver=2d4bf43f398489795f1893179047a63c' id='jetpack-lazy-images-polyfill-intersectionobserver-js'></script>
<script type='text/javascript' id='jetpack-lazy-images-js-extra'>
/* <![CDATA[ */
var jetpackLazyImagesL10n = {"loading_warning":"Images are still loading. Please cancel your print and try again."};
/* ]]> */
</script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/lazy-images.js?minify=false&#038;ver=1c8bb5930b723e669774487342a8fa98' id='jetpack-lazy-images-js'></script>
<script type='text/javascript' src='https://www.google.com/recaptcha/api.js?render=6LfTr-AUAAAAANb_RvhTeWu00N_K6josD9XFY1OD&#038;ver=3.0' id='google-recaptcha-js'></script>
<script type='text/javascript' id='wpcf7-recaptcha-js-extra'>
/* <![CDATA[ */
var wpcf7_recaptcha = {"sitekey":"6LfTr-AUAAAAANb_RvhTeWu00N_K6josD9XFY1OD","actions":{"homepage":"homepage","contactform":"contactform"}};
/* ]]> */
</script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.5.2' id='wpcf7-recaptcha-js'></script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/slick-menu/assets/vendors/modernizr/modernizr.js?ver=1.2.7' id='slick-menu-modernizr-js'></script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/slick-menu/assets/vendors/greensock/TweenMax.min.js?ver=1.2.7' id='slick-menu-tween-max-js'></script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/slick-menu/assets/vendors/greensock/ScrollToPlugin.min.js?ver=1.2.7' id='slick-menu-gsap-scrollto-js'></script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/slick-menu/assets/vendors/body-scroll-lock/body-scroll-lock.min.js?ver=1.2.7' id='slick-menu-body-scroll-lock-js'></script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/slick-menu/assets/js/utils.min.js?ver=1.2.7' id='slick-menu-utils-js'></script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/slick-menu/assets/js/slickmenu.min.js?ver=1.2.7' id='slick-menu-slickmenu-js'></script>
<script type='text/javascript' id='slick-menu-frontend-js-extra'>
/* <![CDATA[ */
var SM_VARS = {"ajaxurl":"https:\/\/yoroi.company\/wp-admin\/admin-ajax.php","sm_ajaxurl":"https:\/\/yoroi.company\/?sm_ajax=build_menu&t=1640290164","assets_url":"https:\/\/yoroi.company\/wp-content\/plugins\/slick-menu\/assets\/","options":{"26":{"close-link-hidden":"0","close-link-position":"left","close-link-color":"rgba(255, 255, 255, 0.8)","close-link-hover-color":"rgba(255, 255, 255, 1)","close-link-bg-color":"","close-link-hover-bg-color":"","close-link-icon":{"type":"genericon","icon":"genericon-close-alt"},"close-link-icon-size":"25px","close-link-padding":"","close-link-margin":"10px 20px","close-link-border":{"top-width":"0","right-width":"0","bottom-width":"0","left-width":"0","radius":"0"},"close-link-animation":"","content-bg":[],"content-shadow":{"hshadow":"0","vshadow":"0","blur":"0","spread":"0"},"content-filter":"sm-filter-brightness","exclude-pages":[],"mobile-breakpoint":"","menu-ajax":"0","menu-position":"right","menu-open-active-level":"1","menu-always-visible":"0","menu-shadow":{"hshadow":"0","vshadow":"0","blur":"0","spread":"0"},"level-animation-type":"cover","menu-animation-type":"sm-effect-1","menu-mobile-animation-type":"sm-effect-2","menu-open-duration":"350","menu-open-easing":"ease-out","menu-close-duration":"300","menu-close-easing":"ease-in","menu-overlap-font-family":"","menu-overlap-title-color":"#ffffff","menu-overlap-icon-color":"#ffffff","menu-overlap-bg-color":"rgba(0, 0, 0, 0.3)","back-link-hidden":"0","back-link-vposition":"bottom","back-link-position":"right","back-link-font-family":"","back-link-font-size":"14px","back-link-color":"rgba(255, 255, 255, 0.8)","back-link-hover-color":"rgba(255, 255, 255, 1)","back-link-icon":{"type":"","icon":""},"back-link-icon-only":"0","back-link-icon-position":"after","back-link-icon-size":"16px","back-link-padding":"","back-link-margin":"16px","level-bg":{"color":"rgba(43, 43, 41, 1)"},"level-pattern":{"pattern":"https:\/\/yoroi.company\/wp-content\/plugins\/slick-menu\/assets\/\/images\/patterns\/_none.png","opacity":"0.01"},"level-overlay":{"type":"color"},"level-video":{"opacity":"0","scale":"0"},"description-enabled":"0","description-from-page":"0","description-text":"","description-page":"","description-font-family":"","description-font-size":"18px","description-line-height":"24px","description-text-transform":"none","description-text-align":"center","description-font-color":"#ffffff","description-bg-color":"","description-width":"","description-padding":"20px","description-margin":"0 0 15px 0","description-border":{"top-width":"0","right-width":"0","bottom-width":"0","left-width":"0","radius":"0"},"description-animation":"","footer-min-height":"","level-footer-stick-bottom":"1","level-footer-over-content":"0","footer-text":"&copy; 2020 credits: <strong>SimpleNetworks<\/strong>","footer-text-font-family":"","footer-text-font-size":"14px","footer-text-align":"center","footer-bg":[],"footer-pattern":{"opacity":"0.5"},"footer-overlay":{"type":"color"},"footer-text-color":"rgba(255, 255, 255, 0.9)","footer-padding":"0 25px 25px","footer-margin":"","footer-text-padding":"","footer-animation":"","level-width":"280px","level-mobile-centered":"0","level-valign":"middle","level-disabled-scroll":"0","level-show-scrollbar":"0","level-scroll-to-current":"0","level-padding":"40px 0","level-header-stick-top":"0","level-header-over-content":"0","header-bg":{"repeat":"no-repeat","size":"contain","position":"center top"},"header-pattern":{"opacity":"0.5"},"header-overlay":{"type":"color","color":"rgba(255, 255, 255, 0)"},"header-padding":"0 16px 16px","header-margin":"16px 0","menu-items-hidden":"0","menu-items-hide-label":"0","menu-items-label-visibility":"0","menu-items-fullwidth":"1","menu-items-height":"","menu-items-font-family":"","menu-items-font-size":"18px","menu-items-line-height":"1.7","menu-items-text-transform":"none","menu-items-text-align":"center","menu-items-vertical-align":"middle","menu-items-font-color":"rgba(255, 255, 255, 0.9)","menu-items-bg-color":"","menu-items-active-font-color":"#ffffff","menu-items-active-bg-color":"rgba(0, 0, 0, 0.1)","menu-items-hover-font-color":"#ffffff","menu-items-hover-bg-color":"rgba(0, 0, 0, 0.1)","menu-items-padding":"8px 32px","menu-items-margin":"","menu-items-border":{"top-width":"0","right-width":"0","bottom-width":"0","left-width":"0","radius":"0"},"menu-items-icon-size":"25px","menu-items-icon-line-height":"","menu-items-icon-width":"","menu-items-icon-halign":"left","menu-items-icon-valign":"middle","menu-items-icon-color":"rgba(255, 255, 255, 0.9)","menu-items-icon-hover-color":"#ffffff","menu-items-arrow-icon":{"type":"fa","icon":"fa-angle-right"},"menu-items-arrow-hide":"0","menu-items-arrow-position":"right","menu-items-arrow-size":"18px","menu-items-arrow-hoffset":"0","menu-items-arrow-voffset":"0","menu-items-arrow-color":"rgba(255, 255, 255, 0.6)","menu-items-hover-arrow-color":"rgba(255, 255, 255, 0.6)","menu-items-thumb-general-settings":"","menu-items-thumb-position":"above","menu-items-thumb-bg-repeat":"no-repeat","menu-items-thumb-bg-size":"cover","menu-items-thumb-bg-position":"center center","menu-items-thumb-size-settings":"","menu-items-thumb-size":"medium","menu-items-thumb-width":"","menu-items-thumb-height":"","menu-items-thumb-crop":"0","menu-items-thumb-stretch":"0","menu-items-thumb-spacing-settings":"","menu-items-thumb-margin":"10px auto","menu-items-thumb-overlay-settings":"","menu-items-thumb-bg-overlay":{"type":"color"},"menu-items-thumb-hover-bg-overlay":{"type":"color"},"menu-items-thumb-filters-settings":"","menu-items-thumb-filter":"","menu-items-thumb-hover-filter":"","menu-items-animation":"","menu-items-hover-animation":"sm-hover-normal","menu-items-shadow":{"hshadow":"0","vshadow":"0","blur":"0","spread":"0"},"menu-items-hover-shadow":{"hshadow":"0","vshadow":"0","blur":"0","spread":"0"},"menu-items-inactive-transforms":{"perspective-origin":"left top"},"menu-items-transforms":{"perspective-origin":"left top"},"menu-items-hover-transforms":{"perspective-origin":"left top"},"level-menu-width":"","level-menu-align":"center","level-menu-columns":"1-1","level-menu-column-align":"center","level-menu-padding":"","subtitle-enabled":"0","subtitle-text":"","subtitle-font-family":"","subtitle-font-size":"24px","subtitle-text-transform":"none","subtitle-text-align":"center","subtitle-font-color":"#ffffff","subtitle-bg-color":"","subtitle-padding":"20px","subtitle-margin":"0 0 15px 0","subtitle-border":{"top-width":"0","right-width":"0","bottom-width":"0","left-width":"0","radius":"0"},"subtitle-animation":"","title-hidden":"1","title-override":"","title-fullwidth":"1","title-stick-top":"0","title-position":"center","title-font-family":"","title-font-size":"24px","title-text-transform":"none","title-text-align":"center","title-font-color":"#ffffff","title-bg-color":"rgba(0, 0, 0, 0.1)","title-show-icon":"0","title-main-icon":{"type":"","icon":""},"title-icon-size":"24px","title-icon-color":"#ffffff","title-padding":"20px","title-margin":"0 0 15px 0","title-border":{"top-width":"0","right-width":"0","bottom-width":"0","left-width":"0","radius":"0"},"title-animation":"","logo-main-level":"0","logo-use-avatar":"0","logo":[],"logo-url":"","logo-width":"130px","logo-height":"","logo-align":"center","logo-padding":"40px 25px","logo-border":{"top-width":"0","right-width":"0","bottom-width":"0","left-width":"0","radius":"0"},"logo-animation":"","search-enabled":"0","search-text-align":"left","search-show-placeholder":"0","search-font-family":"","search-font-size":"20px","search-bg-color":"rgba(255, 255, 255, 0.1)","search-font-color":"rgba(255, 255, 255, 0.7)","search-icon-position":"right","search-icon-size":"20px","search-icon-color":"rgba(255, 255, 255, 0.7)","search-width":"","search-margin":"15px","search-hpadding":"15px","search-border":{"top-width":"0","right-width":"0","bottom-width":"0","left-width":"0","radius":"0"},"search-animation":"","menu-trigger-info":"","menu-trigger-class":"","menu-trigger-custom-selector":"","menu-api-toggle":"","menu-api-open":"","menu-api-full":"","wrapper-msg":"","wrapper-bg":[],"wrapper-pattern":{"opacity":"0.5"},"wrapper-overlay":{"type":"color"},"wrapper-video":{"opacity":"0","scale":"0"},"wrapper-filter":"sm-filter-brightness","saved":"1","trigger-menu":"","menu-id":"","menu-item-icon":"","menu-item-icon-position":"","menu-item-hide-label":"","menu-item-label-visibility":"","menu-item-fullwidth":"","menu-item-height":"","menu-item-font-family":"","menu-item-font-size":"","menu-item-line-height":"","menu-item-text-transform":"","menu-item-text-align":"","menu-item-vertical-align":"","menu-item-font-color":"","menu-item-bg-color":"","menu-item-active-font-color":"","menu-item-active-bg-color":"","menu-item-hover-font-color":"","menu-item-hover-bg-color":"","menu-item-padding":"","menu-item-margin":"","menu-item-border":[],"menu-item-icon-size":"","menu-item-icon-line-height":"","menu-item-icon-width":"","menu-item-icon-halign":"","menu-item-icon-valign":"","menu-item-icon-color":"","menu-item-icon-hover-color":"","menu-item-arrow-hide":"","menu-item-arrow-position":"","menu-item-arrow-size":"","menu-item-arrow-hoffset":"","menu-item-arrow-voffset":"","menu-item-arrow-color":"","menu-item-hover-arrow-color":"","menu-item-thumb-general-settings":"","menu-item-thumb":[],"menu-item-thumb-position":"","menu-item-thumb-bg-repeat":"","menu-item-thumb-bg-size":"","menu-item-thumb-bg-position":"","menu-item-thumb-size-settings":"","menu-item-thumb-size":"","menu-item-thumb-width":"","menu-item-thumb-height":"","menu-item-thumb-crop":"","menu-item-thumb-stretch":"","menu-item-thumb-spacing-settings":"","menu-item-thumb-margin":"","menu-item-thumb-overlay-settings":"","menu-item-thumb-bg-overlay":[],"menu-item-thumb-hover-bg-overlay":[],"menu-item-thumb-filters-settings":"","menu-item-thumb-filter":"","menu-item-thumb-hover-filter":"","menu-item-animation":"","menu-item-hover-animation":"","menu-item-shadow":[],"menu-item-hover-shadow":[],"menu-item-inactive-transforms":[],"menu-item-transforms":[],"menu-item-hover-transforms":[],"menu-item-column":"","level-show-empty":"","logo-hidden":"","submenu-items-hidden":"","submenu-items-label-visibility":"","submenu-items-fullwidth":"","submenu-items-height":"","submenu-items-font-family":"","submenu-items-font-size":"","submenu-items-line-height":"","submenu-items-text-transform":"","submenu-items-text-align":"","submenu-items-vertical-align":"","submenu-items-font-color":"","submenu-items-bg-color":"","submenu-items-active-font-color":"","submenu-items-active-bg-color":"","submenu-items-hover-font-color":"","submenu-items-hover-bg-color":"","submenu-items-padding":"","submenu-items-margin":"","submenu-items-border":[],"submenu-items-icon-size":"","submenu-items-icon-line-height":"","submenu-items-icon-width":"","submenu-items-icon-halign":"","submenu-items-icon-valign":"","submenu-items-icon-color":"","submenu-items-icon-hover-color":"","submenu-items-arrow-hide":"","submenu-items-arrow-position":"","submenu-items-arrow-size":"","submenu-items-arrow-hoffset":"","submenu-items-arrow-voffset":"","submenu-items-arrow-color":"","submenu-items-hover-arrow-color":"","submenu-items-thumb-general-settings":"","submenu-items-thumb-position":"","submenu-items-thumb-bg-repeat":"","submenu-items-thumb-bg-size":"","submenu-items-thumb-bg-position":"","submenu-items-thumb-size-settings":"","submenu-items-thumb-size":"","submenu-items-thumb-width":"","submenu-items-thumb-height":"","submenu-items-thumb-crop":"","submenu-items-thumb-stretch":"","submenu-items-thumb-spacing-settings":"","submenu-items-thumb-margin":"","submenu-items-thumb-overlay-settings":"","submenu-items-thumb-bg-overlay":[],"submenu-items-thumb-hover-bg-overlay":[],"submenu-items-thumb-filters-settings":"","submenu-items-thumb-filter":"","submenu-items-thumb-hover-filter":"","submenu-items-animation":"","submenu-items-hover-animation":"","submenu-items-shadow":[],"submenu-items-hover-shadow":[],"submenu-items-inactive-transforms":[],"submenu-items-transforms":[],"submenu-items-hover-transforms":[],"enabled":"yes","menu-trigger-selector":".sm-trigger-26","real-mobile-breakpoint":0}},"filterMenuOptions":[],"settings":[],"debug":"","sm_debug":""};
/* ]]> */
</script>
<script type='text/javascript' src='https://yoroi.company/wp-content/plugins/slick-menu/assets/js/frontend.min.js?ver=1.2.7' id='slick-menu-frontend-js'></script>
<script type='text/javascript'>
(function() {
				var expirationDate = new Date();
				expirationDate.setTime( expirationDate.getTime() + 31536000 * 1000 );
				document.cookie = "pll_language=en; expires=" + expirationDate.toUTCString() + "; path=/; secure; SameSite=Lax";
			}());
</script>
<script type="text/javascript" id="ct-footer-js">jQuery('.menu').attr({'data-aos-enable': 'true','data-aos': 'slide-left',});jQuery('.service__icon').attr({'data-aos-enable': 'true','data-aos': 'fade-down','data-aos-duration': '800','data-aos-offset': '50','data-aos-once': 'true',});
	  	AOS.init({
	  		  		  		  		  		  		  				  			})
		
				jQuery('body').addClass('oxygen-aos-enabled');
		
		
	</script><script type="text/javascript" id="ct_code_block_js_100133">var cursor = {
    delay: 8,
    _x: 0,
    _y: 0,
    endX: (window.innerWidth / 2),
    endY: (window.innerHeight / 2),
    cursorVisible: true,
    cursorEnlarged: false,
    $dot: document.querySelector('.cursor-dot'),
    $outline: document.querySelector('.cursor-dot-outline'),
    
    init: function() {
        // Set up element sizes
        this.dotSize = this.$dot.offsetWidth;
        this.outlineSize = this.$outline.offsetWidth;
        
        this.setupEventListeners();
        this.animateDotOutline();
    },
    
//     updateCursor: function(e) {
//         var self = this;
        
//         console.log(e)
        
//         // Show the cursor
//         self.cursorVisible = true;
//         self.toggleCursorVisibility();

//         // Position the dot
//         self.endX = e.pageX;
//         self.endY = e.pageY;
//         self.$dot.style.top = self.endY + 'px';
//         self.$dot.style.left = self.endX + 'px';
//     },
    
    setupEventListeners: function() {
        var self = this;
        
        // Anchor hovering
        document.querySelectorAll('a, #image-118-8, .button').forEach(function(el) {
            el.addEventListener('mouseover', function() {
                self.cursorEnlarged = true;
                self.toggleCursorSize();
            });
            el.addEventListener('mouseout', function() {
                self.cursorEnlarged = false;
                self.toggleCursorSize();
            });
        });
        
        // Click events
        document.addEventListener('mousedown', function() {
            self.cursorEnlarged = true;
            self.toggleCursorSize();
        });
        document.addEventListener('mouseup', function() {
            self.cursorEnlarged = false;
            self.toggleCursorSize();
        });
  
  
        document.addEventListener('mousemove', function(e) {
            // Show the cursor
            self.cursorVisible = true;
            self.toggleCursorVisibility();

            // Position the dot
            self.endX = e.pageX;
            self.endY = e.pageY;
            self.$dot.style.top = self.endY + 'px';
            self.$dot.style.left = self.endX + 'px';
        });
        
        // Hide/show cursor
        document.addEventListener('mouseenter', function(e) {
            self.cursorVisible = true;
            self.toggleCursorVisibility();
            self.$dot.style.opacity = 1;
            self.$outline.style.opacity = 1;
        });
        
        document.addEventListener('mouseleave', function(e) {
            self.cursorVisible = true;
            self.toggleCursorVisibility();
            self.$dot.style.opacity = 0;
            self.$outline.style.opacity = 0;
        });
    },
    
    animateDotOutline: function() {
        var self = this;
        
        self._x += (self.endX - self._x) / self.delay;
        self._y += (self.endY - self._y) / self.delay;
        self.$outline.style.top = self._y + 'px';
        self.$outline.style.left = self._x + 'px';
        
        requestAnimationFrame(this.animateDotOutline.bind(self));
    },
    
    toggleCursorSize: function() {
        var self = this;
        
        if (self.cursorEnlarged) {
            self.$dot.style.transform = 'translate(-50%, -50%) scale(0.75)';
            self.$outline.style.transform = 'translate(-50%, -50%) scale(1.5)';
        } else {
            self.$dot.style.transform = 'translate(-50%, -50%) scale(1)';
            self.$outline.style.transform = 'translate(-50%, -50%) scale(1)';
        }
    },
    
    toggleCursorVisibility: function() {
        var self = this;
        
        if (self.cursorVisible) {
            self.$dot.style.opacity = 1;
            self.$outline.style.opacity = 1;
        } else {
            self.$dot.style.opacity = 0;
            self.$outline.style.opacity = 0;
        }
    }
}

cursor.init();</script>
<style type="text/css" id="ct_code_block_css_100133">.cursor-dot,
.cursor-dot-outline {
  	z-index: 10000;
    pointer-events: none;
    position: absolute;
    top: 50%;
    left: 50%;
    border-radius: 50%;
    opacity: 0;
    transform: translate(-50%, -50%);
    transition: opacity 0.15s ease-in-out,
                transform 0.15s ease-in-out;
  
  	-webkit-box-shadow: 0px 0px 1px 1.5px rgba(165,41,41, .5); 
    -moz-box-shadow: 0px 0px 1px 1.5px rgba(165,41,41,.5); 
    box-shadow: 0px 0px 1px 1.5px rgba(165,41,41, .5); 
}

.cursor-dot {
    width: 8px;
    height: 8px;
    background-color: #f8f7f7;
}

.cursor-dot-outline {
    width: 40px;
    height: 40px;
  	border: 1.5px solid #f8f7f7;
    background-color: transparent;
}</style>
<script type="text/javascript" id="ct_code_block_js_100181">Timers = window;


const smc = document.querySelector('#div_block-184-8');
smc.addEventListener('click', (e) => {SlickMenu.toggle(26, () => {
  setTimeout(patchClose, 750);
})});
smc.addEventListener('touchstart', (e) => {SlickMenu.toggle(26, () => {
  setTimeout(patchClose, 750);
})});

function patchClose() {
  element2 = document.querySelector('.sm-close');
  clone2 = element2.cloneNode(true);
  element2.parentNode.replaceChild(clone2, element2);

  sm2 = document.querySelector('.sm-close');
  sm2.addEventListener('click', (e) => {SlickMenu.toggle(26, () => {})}) 
}


/*document.querySelectorAll('.wpcf7-form').forEach(f => f.querySelectorAll('form > div:nth-last-child(3)').forEach(e => e.style.display = "none"));
document.querySelectorAll('.wpcf7-form').forEach(f => f.querySelectorAll('form > div:nth-child(9) > label > span:nth-child(4)').forEach(e => e.innerHTML = 'Io sottoscritto dichiaro di aver letto e compreso l’<a href="https://yoroi.company/privacy-policy/" target="_blank">informativa privacy</a>.'))
*/</script>
<style type="text/css" id="ct_code_block_css_100181">.header .oxy-nav-menu .menu-item-home a {

}</style>
<script src='https://stats.wp.com/e-202151.js' defer></script>
<script>
	_stq = window._stq || [];
	_stq.push([ 'view', {v:'ext',j:'1:10.5-a.3',blog:'151656741',post:'4878',tz:'2',srv:'yoroi.company'} ]);
	_stq.push([ 'clickTrackerInit', '151656741', '4878' ]);
</script>
<!-- /WP_FOOTER --> 
</body>
</html>
